Security and Paranoia

May 06, 2010

I'm on the mailing list of the International Spy Museum in Washington DC. Now you know. Since I've been working here in DC for a while, I thought I might attend a seminar in their series. It was good.

On the dais were three talking heads who carried forth on matters concerning Rendition and CIA Black Sites. According to those gathered the CIA operated at least four. Thailand, Poland, Lithuania, Afghanistan and possibly Diego Garcia.

It was a very good session, but as expected, not long and detailed enough to satisfy my curiosity and questions. I did get an opportunity to ask two. Since I think quantitatively, my first question was how many do we know, of those external renditions detoured captives through the black sites? The answer was about 3 dozen over the past 20 years. A couple of the speakers did throw around the word 'disappeared' used as a verb, but it was not made clear to me how long it is that a rendee is rent. If I'm in the business of moving Suspect A to Country Two in a legal rendition I do so with the cooperation of Country One and Country Two. So if I take him to Black Site X for n years, how long is it before Country Two starts pissing and moaning? It wouldn't make much sense to disappoint them, especially if we want some cooperation in the future. The overall numbers of renditions number in the hundreds but not in the thousands over the past 20 years. Starting somewhere around 1995 under Clinton there were 70 some-odd renditions, they stepped up sometime later and really got going after 9/11.

It is also unclear to me the ratio of countries who use rendition vs those who use extradition. The manner in which the subject was discussed leads me to believe that extradition treaties are rarer than one would expect - rarer than say trade treaties, and so rendition picks up more than a little slack in the global market of prisoner exchange. The guy in the red shirt across the room asked that question derailing one of mine about the difference between rendition and extradition and Bellinger responded lawyerly well. Mine would have been more specific to Bush's Coalition of the Willing with regard to its expansion of the number of extradition arrangements we have with those countries specifically relating to enemy combatants. However Bellinger's response alluded to the heavy consequences of reciprocity in establishing extradition treaties and, well I think it should be rather obvious that Americans are often seen as criminals by the G77 and we'd be haggling all freakin' day. Better to use rendition than suffer the extra burdens of extradition - even for Al Qaeda.

So to be clear, my reckoning is that there were maybe 1200 renditions in the past 20 years some fraction of those were directly to the US and the great majority of all renditions lead to criminal trials either here or elsewhere. The more controversial of the renditions were those facilitated by the CIA between two countries other than the US, and the most controversial are those between other countries with a stop at a CIA black site along the way. And of those we know to the best of our ability to know that half a half dozen detainees were waterboarded on our properties, though some unknown number may have been subjected to more inhumane treatment by parties known to the CIA in exchange of coerced intelligence. Sources and methods, I'd tell you but I'd have to kill you, yadda yadda.

To remedy all of this madness would require someone with the cojones of Alberto Gonzales to stick his neck out and do independent research on what an enemy combatant is and how you handle such creatures. However since Gonzales was hung out to dry by the likes of Nancy Pelosi and the loyal opposition in Congress, the entire subject matter has become uncomfortably taboo under the present Administration. And thus the solution to capture or kill has become kill. And today we have Predator drones doing dirty work that is more acceptable than GTMO work. In other words, instead of capturing personas non grata of foreign soil and subjecting them to the moral and legal complexities of rendition and coercive interrogation, we are merely subjecting them to remotely controlled high explosive munitions on foreign soil without a declaration of war. Pick your poison. Oh ye of Democrat short attention span, do ye recall your horror at Colin Powell's 'video game warfare' in Desert Storm? Well, there is a quantitative difference, but the fact that nobody's even trying to lawyer their way towards a better solution shows the damage done to the body politic by rhetorical bombast and overkill against Bush, Gonzales, Cheney et al. In the meanwhile the military tribunals are still in effect because those running them sued Obama when he tried to stop them.

So my second question was in reference to what possibilities we might have to get Judge Posner's ideas about a CT Circuit implemented. I got some appreciative nods from the panel but Bellinger steered the question back towards rendition. He suggested something I forget because it seemed off the point and tangent I was getting towards. Half of the disgust, from my perspective, with rendition has everything to do with whether the end result is a legitimate criminal trial. And as much as Halperin squawked about failure to Mirandize, as much as Priest duly noted the problems criminal judges have in bringing forth evidence of national security in open court, you'd think they would be much in favor of such a court. To this end, I think Bellinger was playing his hand as a Congressional lobbyist and former White House insider. He knows the answers about policy and now is in a position to get paid for shaping legislation out of a no-op Congress. I really don't know how that business works, but it sounds like a whole lot of fun and profit. Nevertheless, his point, though I forget it, made some sense.

Still, since we only had 90 minutes and three speakers it was predictable that various tactics were employed to make the maximizing (or minimizing) impact.

I came prepared not to like Dana Priest, since I was somewhat familiar with her Post work and noted how bloggers in my circle faulted her for not outing the political persuasion of Mary McCarthy, that woman most closely identified with being the source of her information on CIA black sites. Instead, she detailed a trail of evidence demonstrating the dogged determination of herself and her colleague in tracking down tail numbers of mysterious planes owned by mysterious companies with officers who all have 'Episcopalian' names. Hey, I resent that, says Michael David brother to Bryan Thomas, grandson of Raymond Curtis. But she didn't seem to have much of an axe to grind and was somewhat deferential to yet mystified by the awesome power of computer mediated communications, aka 'the internet' or as she called it, the 2.0 World.

As an aside, it turns out that I may have been one of the crowd whose participation in the planespotting swarm assisted in driving attention towards Priest's research. Oh no wait. That was a year late. Hmm. Point taken.

Without 'journalism', meaning the dogged determination of people with curiosity and database resources, we would not be able to know what it is the government doesn't want us to know. Of course the CIA may be a lot further down the pike with respect to their ability to corral dogged determination and database resources, but just because Dana Priest cannot bell that cat doesn't mean a lot of us mice cannot. I tend to, some would say callously, not give a rat's about the fate of three dozen international terrorist rats over twenty years. So I'm not so interested in belling the CIA cat. AFAIK they were not a rogue operation as the panelists agreed, and the convenient amnesia of critters like Nancy Pelosi is more disgusting to me than the cruelty heaped upon various and sundry jihadis.

Speaking of cruelty, there was no way that we couldn't derail the conversation in the direction of 'waterboarding is torture' histrionics. Mort certainly had a point, a crusader's point, but a valid one nonetheless that you cannot make any judgment on the merits of rendition without giving consideration to the ends of that rendition. If a legal rendition results in an illegal interrogation or worse, then the legality of that rendition is questionable. Moral figleaf. Criminal facilitation. Nor can you insert the comforting language of Condoleezza Rice with regard to the US' respect for the sovereign integrity of Country One and Country Two, if the assurances of rendition amount to a wink and a nod between two intelligence services. Do I trust the CIA when it collaborates with ISI or Shin Bet? Hell no. Those bastards can do anything, and that indeed is their purpose - to do what is doable. Mort's crusade is not without merit, it just defies logic and is ultimately indefensible. You can't ask spy agencies to be accountable in such matters as renditions and black sites. Well, you can, and you set yourself up for being the recipient of an arbitrarily long paper trail. And considering the fact that the Congress will necessarily dither based upon how electable it makes them, and the Judiciary cannot get a lawyer with good shoes in edgewise, especially in Lithuania, we are at the mercy of the Administration. In the case of Obama, Bush and Clinton, war is war, and they reserve all powers they can muster, including Monsters on a Leash.

What I could not get a good sense of was the degree of culpability approaching a standard of declaring some individual persona non grata and subject to an extra-territorial arrest, rendition, detention and such (such meaning interrogation approaching and including torture).

I had some difficulty with Mort Halperin because he works for George Soros, the kind of globalist who defies nationalism. At the same time Halperin speaks about America being a beacon on the hill whose respect for the rule of law should have no peer, he crosses himself to defy America because certain European countries have laws against extradition and rendition to countries that have the death penalty. He has what seems to be an extraordinary faith in the ability to trust democratic actions to make the proper corrections for the excesses of executive action such as the CIA is involved in - all for the purposes of justice. But I think he believes that there is more justice in the world than the world is capable of delivering on time and under budget. Therefore it is his wont to go after the obvious exceptions, the biggest cases where we did wrong, wrong, wrong. Well there are plenty of barrelfish for that moral shotgun, starting with Khalid El Masri the German citizen who, in a case of mistaken identity, was actually kidnapped and detained in a black site for a year then dumped back into Germany without so much as an apology and a pack of hand sanitizer. That guy convinced an attorney that his incredible journey actually happened and so we have a real scandalous fiasco, and a legal victory for the victim. But as witness for the prosecution of the US, I think Halperin overstates (difficult for a neocon like me to admit) the intensity of America's beacon of light to the world. I am not one of those who believes that the level of civilization of a nation can be determined by the fate of its prisoners. I think it should be obvious that enemies of the state, such as Al Qaeda is determined to be, will face some of our most inglorious bastards, and they should. I am not so convinced that three dozen assassinations over 20 years is unacceptable, but perhaps I read too much history and am not so convinced that America breeds a different, kinder, gentler sort of human being.

So as Halperin rants under the wing of Soros, I tend to be very skeptical of his concepts of international law and of his application of it in this case. After all, it is not his job to keep anyone safe. And while I appreciate his appetite for limiting undemocratic power, I can't say with confidence that any greater good is adequately served by drawing attention to the families of Al Qaeda fighters who may have been used to draw such fighters into traps. Why should those widows and orphans be compensated by the US, ever? As well, Halperin stepped into a sandtrap in describing his view of 'the field of battle'. That was just an error born in the Vietnam era that has yet to be buried. It is not useful at all.

All of the panelists remarked on the relative amnesia of the public and what's not getting done to move reasonably forward on this complex matter. And all said Obama's no better, which is not really a surprise to me. Still, I'm thinking, perhaps to the chagrin of both Bellinger and Halperin that some of us out here in the blogosphere are a very proper audience to all of the details that can be exposed. And the International Spy Museum is really missing out on an opportunity, given the SRO turnout at their 12.50 a head seminar, to extend this conversation onto a website. There may not be a business model that can get someone with the skills of Dana Priest, John Bellinger, and Mort Halperin to enter arguments and documents into a critical and thoughtful public. That is why I find it rather sad that they make money where they are tangential to their ability to hold forth an extraordinary discourse on a matter of such weight.

On the other hand, the whole thing was taped. Maybe we'll find it on YouTube.

September 25, 2009

I just thought about something after reading this longish and well thought out essay on password security. A key is just a key. It doesn't matter how sophisticated the lock is if you can break the door.

The answer to his questions and longing is PasswordSafe, a tool that generates excellent quality passwords and doesn't require you to remember them. I've been using it for years and I have 843 passwords.

But think about choosing passwords just like you choose car keys and how cars are stolen. Wait. You say you don't spend a lot of time choosing your car key? And you know that car thieves don't pick locks, they hotwire? You mean they just defeat all that security by going around it? Yep. When identity thieves steal, they might make use of the occasional unlocked door, but they have tools that bypass security systems over which you have no control.

July 12, 2009

Down this way in Miller's Alley, we don't get bent out of shape over things we cannot control. So it goes without saying that it's not bloody likely that we're going to make a big deal over something we can't even see. Yet the firestorm heading this way over the fact that Dick Cheney is involved with a still secret CIA anti-terrorist program has got people freaking out left and right.

It's all a matter of trust.

I trust Dick Cheney because I read his biography, and I determined that I found his character admirable. I understand very well that the man lost much sleep over concern for American safety from terror. It's true that the government has had a heavy hand in much we might have handled for ourselves. In the same way we tend to discount the effectiveness of color-coded warnings at the airports, we Americans are ready to look after our own safety. We know that we have our own back, but does Cheney have it? For all of us, he did, but only half of us believed him. Those of us that did would still have been fine, for the most part, if he said we were primarily responsible.

I suspect that the secret CIA program is domestic spying above and beyond the whole FISA envelope. My guess is that the CIA took over or co-opted the infamous Carnivore and ran botnets. But that's just wild speculation. My other guess is that it might have something to do with other secret sites that were built after the first set of secret sites were closed and as such were involved in renditions. But whatever it was that the CIA did, domestically or otherwise, one cannot prove much right now. It means that the Left and Democrats will have to jumpstart an entirely new sort of diatribe. Civil liberties can't be the subtext, nor can international relations. Whatever it is, coming out on Obama's watch, it is fundamentally unproductive to drag Cheney or Congressional oversight through the mud.

It seems to me that the only way to win is on one extreme or another. Squelch the entire matter, or expose it 100%. Of course that would be logical. So long as there is some way to squeeze an emotion out of the American public, there will be an illogical political win inherent in this matter. This undermines the confidence that logical Americans have in their own politics.

July 06, 2009

Driving through California's Central Valley gives one a lot of time to think. But only when I was smelling something thickly agricultural did I think last week of the valley itself. It wasn't until I was on my way back home and crossing the road to Bakersfield did I really ponder all those fruits and vegetables and livestock en masse.

The thing I was thinking was a dirty bomb, and I scared the piss out of myself.

From Wikipedia:

The Central Valley is one of the world's most productive
agricultural regions. On less than 1 percent of the total farmland in
the United States, the Central Valley produces 8 percent of the
nation’s agricultural output by value: 17 billion USD in 2002. Its
agricultural productivity relies on irrigation from both surface water
diversions and groundwater pumping from wells. About one-sixth of the
irrigated land in the U.S. is in the Central Valley.[4]

Virtually all non-tropical crops are grown in the Central Valley,
which is the primary source for a number of food products throughout
the United States, including tomatoes, almonds[5][6], grapes, cotton, apricots, and asparagus.

Four of the top five counties in agricultural sales in the U.S. are
in the Central Valley (2002 Data). They are Fresno County (#1 with
$2.759 billion in sales), Tulare County (#2 with $2.338 billion), Kern
County (#4 with $2.058), and Merced County (#5 with $2.058 billion). 2002 Data Sets

Now I could probably do some smarter thinking about it, but I just figured that the right dirty bomb in the Central Valley would just kill all the agriculture and basically Los Angeles would starve.

September 04, 2008

July 24, 2008

I've been thinking about the perfect crime, but only for a hot moment.

Two stories are inspiring such thoughts. The first is of some guys who made the mistake of monetizing their hack of electronic subway passes. They figured a way to cut a paper passcard with some moola in it such that each piece had the same value. They added a nickel of value to it and got a fresh card from the machine, which in turn could be cut into sections and the trick repeated. The crime was perfect until they got busted selling the 'legit' cards on the street at a discount.

The second story is of a network guy who set up some kind of system lockout on the network he was responsible for in order to make some demand or other. He shortly thereafter turned over the password and protocol which got the system back on foot. This one is especially interesting because his accusers charge him with putting in some special programs that will leave the system perfectly intact until it accidentally crashes, and then the administrative mode to fix the crash is somehow permanently disabled. Meaning the system is fine but the next time it crashes will be the last time because he would have rendered it impossible to fix or debug.

If this guy actually did that, it's a very brilliant self-serving application which amplifies his importance as a fixit man. The righteous thing to do should have been to quit without announcing any demands and hope the system didn't crash for several weeks or months.

Anyway, I've noticed that implicit in the desire to do a crime is often the desire to profit from that crime. It's rather the sore spot isn't it? Sabotage without a goal resulting in the desired inefficiency without any additional connectable motive has got to be part of the formula for a perfect crime. A profiteer has to seem to gain from sheer luck. N'est-ce pas?

It turns out that nickel has recently tripled in price over the past year or so. Who the hell pays attention to the price of nickel? Well, somebody. Moreover, how many refiners of nickel are there in the country? Are there maybe eight smelters in the whole US? Remember how the Bass brothers tried to corner the silver market in the 80s? Well why not buy speculative amounts of the nickel market and find some way to have a couple smelters knocked offline in a totally 'coincidental' manner? Or since cobalt rises and falls with nickel, why not target the nickel plants with your terrorism and work the cobalt angle instead?

July 20, 2008

Not too long ago I considered a concept called the Last ID, which
would be a universal identification and authentication system initiated
by the US State Department. As many people have noted, there are
purportedly millions of people around the globe who perceive their
stake in American government seriously enough to wish they could vote
in American elections. I suspect that some of this is a result of the
paranoia endemic in the viral vectors of Bush Derangement Syndrome, but
certainly it does make some sense independent of that propaganda. So I promoted the idea:

Three movies come to mind when I think about how difficult it is to
find one's family in war, Blood Diamond, Schindler's List and Hotel
Rwanda. Forget about American civil liberties for a moment and think
about what an enormous service to the world it would be if we made
a huge locator database for every human on the planet. I'm willing to
suggest that a proper system would be of tremendous benefit to humanity
if it were done with the LLP concept in mind. That is to say you could
absolutely and positively identify people but that through LLP, the
people themselves would be in control of the associations known to the
system of authentication.

And with that control of associations in mind, Fernandez of Belmont reports the following:

A paper in an Australian policy journal
has proposed letting citizens choose their degree of relationship to
the State in proportion to the degree to which they intend to be
dependent on its assistance or guidance. Recalling Ronald Reagan’s
famous dictum that ‘The nine most terrifying words in the English
language are, “I’m from the government and I’m here to help,” ’ the
authors propose that people be free to choose either to declare their
dependence on the state — in which case they may be told what to do —
or opt to be relatively independent so that in most cases, the
government would simply get out of their lives. The need is urgent,
because if something isn’t done, an increasingly intrusive government
will simply consume all available free energy.

As Fernandez astutely recognizes, as soon as we opt out of
citizenship, well everything breaks. I mean what if you're a welfare
guy who doesn't want to spend a dime on "Reagan's Army" aren't you
dependent on the army anyway? And what if you're a rich guy who doesn't
want to spend a dime on "Carter's Welfare", aren't you dependent on
those millions as well? If the state can't compel, it cannot rule, it
cannot protect. There are only very limited ways that second-class
citizenship can work, and practically speaking we already have it
through the tangle of loopholes that are our lack of enforcements.

This is a consideration with regard to the applicability of
voluntary association in a national identification system - if you
allow opt out, people will probably hedge their way out of as many
obligations as possible. In which case you are going to have the kind
of situation in which banks might find themselves - lending out money
they don't actually possess based upon their assumptions about how much
people would withdraw at any time. What is the liquidity of obligation?

March 17, 2008

Now that I am pretty much officially thinking like an old man, I will speculate about a particular fear. That fear is that America becomes a military dictatorship. Why? Because only men like John McCain understand and respect the idea of sacrifice for higher purposes.

Two things have to fail of course. One is the moral courage of the elites that run things today, and two is the belief by the military in the sanctity of the Constitution. I think we're a long way from both of these situations, but I may be looking at the wrong indicators. So my fear may or may not be justified and the threat is not clear or present. The problem is that I keep seeing the same things Gerard does, and I get fed up.

I want to hate the lazy slobs of our public and retreat to some corner where sweet reason if not prevailing is at least present in heaping gobs. Why do I feel more and more like Colonel Jessup?

February 17, 2008

One of the implications left hanging in the discussion of habeas corpus and a reasonable right to security in my proposal of a domestic intelligence organization similar in charter to MI5 is this, the regularization of surveillance.

The basic problem with injunctions against surveying known innocents and protecting those same innocents from local threats is that the latter requires the former. Let us take an analogy of toddlers at the playground.

Most of us are familiar with the dreaded parental duty of taking kids to the park. It is a dreaded duty because it requires that parents generate a new set of skills, which is to be able to see when and if your kids are getting into trouble without obsessing and driving yourself or the kids crazy in the process. I have three kids which are very close in age and so I have been tested to the limit. You take them to the playground and let them go and then you go sit on a bench and try to get some peace and quiet. Every minute or so, you look up to find out if your kid is still doing the relatively safe thing they were doing a minute ago or if they've wandered towards the edge of danger. This is surveillance.

As a part of this surveillance, you're also watching other people's kids who may be playing by other sets of rules. For example, if your kids are not permitted to climb trees or are unskilled at the task, you have to watch out for kids who do, as they will seduce your kids into this dangerous fun. Two of my kids are adept, one is a little slower. I have watched other parents go Defcon 1 when they find my kids have treed their kids. I know my kids don't curse, so I watch out for kids who do. Same thing with throwing sand, losing shoes, etc etc. A good parent knows how diligent to be and when to intervene, when to panic, when their instructions will be followed or defied. A bad parent leaves their kids unsupervised. Then again, this depends upon the threat level. Are the swings full? Is there a teenager spinning the merry-go-round at 100 RPM? Are kids going up the slide the wrong way? Are you the only parent? The dynamism of this situation is extraordinary. Just ask any parent.

Sooner or later you get good, and your kids grow their own sense of security. But that only happens because you have a big fat history of surveillance to know the little things that end up being big things. Soon you can spot a trouble-maker kid in 20 seconds.

The problem with America's domestic surveillance is that we don't really have any, and because we want some, we are suddenly forced into a situation rather like having your cousin Pookie watch over the kids for you in the park. He doesn't have the skills. If you want to understand when abnormal activity is happening over a communications medium, you have to know what normal activity is. In other words unless the watchdogs have established some kind of baseline as to what non-terrorist activity looks like over our nation's telecommunications networks, we are hard-pressed to find out what terrorist activity looks like. It is a fundamental conundrum that must be resolved.

It seems to me that the solution is to develop a protocol for our own MI5 that allows them to look and holds their information in escrow of some sort. The problem isn't what the Bush Administration is doing, it's that too many people simply don't trust them to do what it is they do. We've had a series of FISA reforms since this problem broke, and the Administration has almost always gotten their way each time. That's because nobody in Congress, rightly, wants to be held responsible for foot-dragging on the connect-the-dots enterprise. Quite frankly, I don't like the broken firewalls and the hugeness of Homeland Security. So I say create something relatively new and let it do what needs to be done.

I have spent the past five years working in the New York City public
schools and have three teenage children of my own. There is a
generation coming of age that is hopeful, hard-working, innovative and
imaginative. But too many of them are also hopeless, defeated and
disengaged. As parents, we have a responsibility to help our children
to believe in themselves and in their power to shape their future.
Senator Obama is inspiring my children, my parents’ grandchildren, with
that sense of possibility.

...I have never had a president who inspired me the way people tell me
that my father inspired them. But for the first time, I believe I have
found the man who could be that president — not just for me, but for a
new generation of Americans.

As you know, I happen to think that in many ways the comparison is apt. That puts me in the class of fuddy-duddies who would have said that Kennedy was too young and inexperienced to run this nation. But you can't deny that he appeals to the young - just like the Beatles.

You know what scares the bejeesus out of me? Not that Obama wins, but that he wins and gets assassinated, just like JFK. This country would go completely bananas. Absolutely, positively apeshit. The level of domestic chaos following the untimely death of President Obama would make me want to pack my stuff and move to...hmmm... Omaha to wait it out with the guys at Berkshire Hathaway.

January 10, 2008

Now I remember what was on CNN last evening when I went to Friday's. It was a poll to see whether or not people believed it was unconstitutional for polling workers to ask for ID when people go to vote.

Well you should know that this is one of those long lingering boogie men that haunt the minds of your more loopy civil libertarians - that it echoes of the racist discrimination of the Jim Crow South. Now there was some constitutional amendment, I think, or other such federal case that was made out of this matter, and it had gone to the back burner, rather like interracial marriage. But of course like interracial marriage, some people just never get over their poor home training.

Now I don't know much about the average level of self-esteem in the average African American but I've seen paranoia in action. Don't laugh. It's a sobering thing. I've also seen racial profiling up close and personal. In fact, I've experienced my share. So believe me when I tell you that it is not far from consideration that the very idea of being asked for ID at a voting booth is liable to move people into diatribe mode about setting the race back to slavery days. With any luck, my lightning rod will pick up such very arguments. (If not I'll google a blog or two and trackback).

If I were a Baptist preacher in Los Angeles, I would offer the following sermon:

January 01, 2008

I can't decide whether or not it is good for me to be famous. But my preliminary conclusion is that it is bad, primarily because fame is something you cannot manage. That is, fame for the average person is bad because the average person cannot manage it. But for the celebrity, fame is good.

Sunday, I took Boy up to Six Flags Magic Mountain. The best ride there is called Tatsu. We waited in line for 2 hours before we got our thrill on. During that time, we were chatted up by Michael and Suzanne. Michael is in Hollywood, he's an actor and producer and it wasn't 10 minutes before he handed me his card. Suzanne is a train the trainer at JPL, I got hers too. It was a cool and wide ranging conversation about everything from 50 meter objects hitting Mars, rodeo poker, pilots in North Carolina to NASCAR family dynasties to the movie Four Brothers to hoodies with eye-holes. We also talked a lot about the software and film industries. What I love and hate about Hollywood folks is that they are dysfunctionally over-sociable. Every conversation comes back around to The Business, and that's how people in entertainment get work. Parties are marketing opportunities. It permeates your life. And so I get their business cards and websites and IMDB listing quickly, as opposed to conversations with normal people in which I never get such information.

Hollywood folks are prepared for stardom and fame. They have a way of living on the very edge of it, of being teased by it, of nursing it. They see it in a different way, I think, than the rest of us. And the ones who survive have to manage it well. Similarly, I have had to manage fame in being a notable blogger and on-air personality. I pay very close attention to how I'm known, why I'm known and most importantly, how I would deal with the possibility that I could become very well known. So when I talk about identity, I pay close attention to how I have changed mine as an online persona over the years, and how actors and celebrities have a close or far distance from the way they are known.

An actor has become a different thing, I think, in our society. The discipline has been transformed over the 20th century, as has the nature of celebrity and fame. It has to do with the pervasiveness of media and the extent to which an actor is perceived as being authentic. I'd like to use the term 'actor' almost interchangeably with 'agent'. Not agent as in talent agent, but more like secret agent. An actor is a person but an actor has a role. An actor's credibility, his fame, comes from the success of portraying that role. The success accrues to the root person for something that may or may not have anything to do with who the person actually is. The actor, unlike an agent, does not set out to deceive his audience against their interests, but the efforts are similar. It is a confidence game.

Nulan has an interesting take on being in the world but not of the world, and I immediately think of subversion of hegemony. Subversion is not implicit in living off the grid, but the matter of the social contract is deep within the presumptions of dropping out or participating in some subculture or alternative lifestyle. There are inevitable political costs to social independence.

This brings me back to fame and identity, belonging and the social contract. How much does fame help or hinder? People want to claim R Kelly. People want to claim Benazir Bhutto. Name recognition and the familiarity with an accepted credible act is the currency. Both Kelly and Bhutto know how to parlay and manage that fame regardless of the acts of the person. They are big enough to compartmentalize and they manage that well. They get the benefit of a doubt. They are influential enough to merit a double standard, which they have earned in the eyes of millions.

I think this is a unique skill that is being brought forth in contemporary times - to have legends and multiple titles and mythologies associated with one's persona. I always look towards myth and the history of kings and rulers in anticipating the things that wealthy and powerful people in America will expect for themselves, some portion of which will trickle down. We didn't always, in the broad middle class, have credit but the expansion of the American economy meant that would come. So manipulations of identity are coming down the pike to American whales, and then to the upper-middle class.

My association with Hollywood folks will help me understand the vicissitudes of fame management and my tech background will help me understand what's up with managing virtual selves. It should be an interesting combination. I'll be blogging on it this year.

December 31, 2007

A month or so ago, I chanced upon a website that advocated a new kind of contract between persons. They called it a limited liability persona. It was a very cool thing and I think it's the future of identity. At least I hope so.

Part of the problem with identity theft these days is that ultimately it all boils down to a few small keys and then you're busted. Most of your most significant IDs are keyed by your mother's maiden name and your social security number. Most people should know by now that there are duplicates. It also doesn't take much to forge a number. The idea that's cool about the LLP is that you can establish your own authentication independently of every other kind of contract you have.

When it comes to a national ID, there's a certain amount of paranoia and ignorance. It's probably something I should get involved in a bit more. I checked out a video not long ago - the guy from Sxip talked about identity 2.0, but that whole conversation seems to have disappeared, or at least some of the experts have gone to secret projects. It rather reminds me of the time several years ago when we were talking about micropayments and the 'impossibility' of setting up that thing which has become PayPal. There's a certain inevitability to it, you just don't know where it's going to come from.

I had a conversation with myself the other day merging the four factors, GWOT, LLP, Immigration and Identity Theft all into one.

One of the interesting things I discovered is that one of the reasons we know there are about 12 million illegal immigrants living in the US is because the credit bureaus know. They keep databases and they share databases. Let's think about the capability right now, and let's do it in terms of voter fraud. In approximately 30 seconds, from a million locations, I can create a connection that talks to some number of computers and gets 40 bucks out of my bank account. I'm not talking about ATMs, I'm talking about cash registers. I have a PIN, I have a 16 digit ID number, I have an expiration date and a three digit code on the back of the card for additional validation. Your kids and my kids are used to getting gift cards that just sit in large displays at the local supermarket ready to be activated for 25 bucks worth of iTunes downloads. That's kind of like the LLP, it is a persona you create just for the purposes of music downloads, and the security system allows you to activate it for a preset maximum. There are never going to be concerns about duplicate numbers on gift cards. You just use big numbers.

If I were president, the first thing I would do is to initiate a worldwide census. I would direct the State Department to publish all of the kinds of persons we recognize and start keeping tabs. One of the great difficulties we have in dealing with the War on Terror is that we haven't dealt with a couple realities. Consider them:

1. Detention is the Ultimate Solution

As Edward Luttwak points out, all guerrilla wars, urban or rural (urban guerrilla is a common euphemism, meaning terrorist) can be won by detaining every human being who might possibly be an enemy, holding them securely until the war is over and the winner is clear, and then releasing them without punishment. Like, duh, man. Which has more negative impact on innocent civilians: internment in a civilized detention center, or involvement in a civil war?

...The insurgents require the population to act in a certain way -- support, sympathy, intimidation, sometimes just reaction to provocation, you know? And if you can take that reaction of the population away from them, it's extremely difficult for them to achieve anything.

That's why the surge is not only a matter of putting extra troops into the country, it's what they do when they get there. And what they're doing is going into areas and not leaving. And they sit with the population, partner with them, help them defend themselves. Keep the enemy away. Prevent them from coming back. And if you like, restructure the environment to hard-wire the insurgent out of it.

Three movies come to mind when I think about how difficult it is to find one's family in war: Blood Diamond, Schindler's List and Hotel Rwanda. Forget about American civil liberties for a moment and think about what an enormous service to the world it would be if we made a huge locater database for every human on the planet. I'm willing to suggest that a proper system would be of tremendous benefit to humanity if it were done with the LLP concept in mind. That is to say you could absolutely and positively identify people but that through LLP, the people themselves would be in control of the associations known to the system of authentication.

Now for the purposes of GWOT and Immigration, I imagine that there would be certain absolutes built into the system - which represents the capacity to replicate authentication that we have today. The best ID anyone has, or any garden variety civilian has, is a national passport. That's the thing that is recognized worldwide. So perhaps as a minimum, in the Last ID, your nation of citizenship and all things that State Departments attach to that, would be retained. That is, I would have no control, when identifying myself, over revealing my nationality and consequently my status with my home country - all the stuff that an immigration control agent would have at customs. But whether or not I wish to give permission to associate my credit report or medical records would be entirely up to me.

Ultimately, the cost of not doing this is what we are up against. Americans will have a very low tolerance, given the openness of our society, to domestic terrorism should it rise above a certain point. I have every expectation that we will, for the sake of security, submit to a regime of national identification which supersedes the present system, warts and all.

August 18, 2007

Fish entertains paranoid fantasy in his continuing docu-drama of the great evil conspiracy of white supremacy. This week the stars are Frances Cress Welsing, the grande dame of the crackpot racial theorists, the woman who wrote the worst book I ever read. And even more wacky, he goes all the way to the Planet of the Apes. I guess he's going to have to get all that out of his system.

In the spirit of racial paranoia, I picked out a few discussions around the 'sphere to see what folks are talking about tangential to those things and people that might destroy our precious bodily fluids.

August 13, 2007

Given a choice between countering terror and protecting civil liberties, most courts in the US will protect civil liberties. That is because most judges in the US don't know much about countering terror, and judges tend to talk what they know. He suggests that what we need is a Counterterrorism Court.

It is clear that our criminal courts and FBI are unsuited to properly investigate and prosecute possible domestic terrorists.

It seems to me that it is most important to be proactive in this manner before we start writing law under duress. The import of this discussion is supposed to be, how do we avoid bastardization of law and misapplication of war powers in the wake of domestic terror attacks. If you don't like the Patriot Act, then the answer is to come up with something better.

There is no question, considering COINTELPRO, that domestic radicals and subversives can be infiltrated. But it's rather common knowledge that the FBI was exceeding its mandate in that regard. So too Posner asserts that their charter did not allow them to exploit the potential of their infiltration of the Florida cell wrt bombing the Sears Tower. Once they infiltrate and develop evidence that can result in a criminal prosecution, they're done. It isn't within their ability or charter to connect dots back to kingpin organizations.

We shut down the mob with RICO. We don't have such tools to deal with domestic terror. We have the capacity but not the organization.

When the British are cited for having London as the most surveilled city in the world with their 'Ring of Steel', people often forget that their MI5 is a domestic spying organization. MI5 of course has the experience, as do Londoners, of dealing with car bombs in the city on a regular basis during the decades-long conflict with the Irish Republican Army. We have no such experience.

There are many folks who argue reasonably, among the many more who do not, that the Executive branch has gotten out of hand. As well, there is a theory that the GWOT should be a 'police action'. So Posner's suggestion should be welcome to those who are interested in total victory as well as those who continue to sweat bullets over the Bush Administration's troubles over FISA warrants.

In the past week, Congress has, according to the anti-war crowd, caved in on new legislation surrounding the matters about warrantless wiretaps in pursuit of terror investigations. This is primarily because, as every one of their arguments I have seen plainly states, that crowd fears political reprisals. All of the FISA squawkers keep thinking that Bush is just a heartbeat away from Nixonian dirty tricks. I can understand a bit of cynicism, but this has descended into paranoia. There is one single significant civil liberties violation that has taken place under Ashcroft and Gonzales, and that is the Hamdan case which was eventually, if not promptly, checked by the Supreme Court. We have entered a period in which the President isn't even allowed to fire at-will employees without raising a cloud of suspicion.

As an aside, I have not been following the inquisition of Gonzales, but it occurs to me that without the benefit of a doubt, there are very few people who could stand up to the level of harassment he has been getting at the hands of Congress. I worry about having people in office who are so calculating that they could. Then again, I think Janet Reno accorded herself with an order of magnitude more finesse than Gonzales, and I trusted her.

But what's clear again is that the Congress is ineffective in doing anything constructive in law that assists in victory over Al Qaeda on an independent basis. Instead they have spent all of their time countering executive orders and frameworks of dealing with matters like the definitions of enemy combatants, advanced interrogation techniques, funding of armor for the troops, the legality of GTMO, the Plame investigation and of course FISA, all of which they have lost.

But the problem with all of this SIGINT interception is my guess about how the process might actually work. To be in compliance with the law, which seems insufficient, and to use technology properly which is non-trivial is something that seems very difficult, inherently difficult to know. For example, the difference between the word 'concerning' and 'direct' as Kevin Drum notes, can make a big difference in the scope of data to be processed, whether or not one is alarmed at potential political hijinks.

From my observations of the technical aspects of this job, I understand that the more data that is selected, the less effective data mining techniques will be. My guess is that the NSA have more data than they can effectively deal with and that they are archiving it until somebody comes up with a better mousetrap. If I were a betting man, I'd look at something like HBase. Anyway, I'd be very interested to know about the methodology and that makes a difference.

Let's say, for example, you have the capacity to pull everything during a period of high chatter. That would be easier to do than to maintain a set of filters at the distributed points in your collection system. On this principle it works a little like your Google Mail. You get all the spam and you are able to hold it in your possession until you physically clear it. This gives you the opportunity to review all of that stuff you believe has a high probability of being spam in case some of it is not. If your best-guess filters toss out all spam at your collection points then you increase your number of unknown unknowns. Without filtering at collection points you can possess a large pool of data, and yet without investigating its contents, process it with a smart set of tags. You can then connect some dots based on the smart tagging and reduce your potential set of data to a more reasonable size. Again this is like labeling your Google Mail by doing a search on the To:, From: and Date: fields but not on the content.

Now to do voice recognition on the content, I think that would essentially require a warrant, which is different from wiretaps, because wiretaps aren't discrete. A telephone conversation may or may not be 'loaded' with actionable information. In an ordinary telephone wiretap you can only listen for and use stuff surrounding key words and I believe you can only possess the key sections of the conversation. Surely the FISA and all 'wiretap' laws are the basis upon which SIGINT must conform. These would be easy to circumvent as a phone caller. I could play a game of treasure hunt, setting up times and phone numbers that send parts of a complete message in a series of phone calls. And of course as a cryptanalyst at NSA I couldn't know this was being done without access to greater sets of data.

Again, I'm only scratching the surface with my conjecture, but I know a great deal about how the changing of one word in a system requirement alters the way the technology is applied to a problem, and the technologist always knows where the holes are before the people writing the specs do. By the time rigorous protocols for users of the system are in place, any number of realities may have changed. So my sympathies are with the DBAs of course - the tech people who have to maintain these monstrously huge repositories (hmm, and suddenly I realized why Lee, my good buddy is so jazzed about the random access voicemail downloads he gets pushed to his iPhone), who know where they might look but are restricted from looking.

But SIGINT is only a partial solution as Posner and now I understand. The greater problem is the lack of judges America has with experience in dealing with these kinds of cases. Surely there are more than three judges in this country who can assist in the GWOT. It doesn't take a genius to figure out that the FISA approval process is a bottleneck, whether it's retroactive or not. The more focus that the political opposition gives to this FISA stuff, the more we are vulnerable.

The executive and activists on their behalf wouldn't need to bear such paranoid or well-motivated scrutiny if the other branches of government had credible victories of their own.

July 19, 2007

Richard Clarke's Breakpoint is a thriller of bizarre proportions. Reading it on the heels of Michael Crichton's Next makes me feel that perhaps there are certain fairly interesting ideas out there that make the future full of interesting possibilities. It is one of the more entertaining books I've read this year. I recommend it.

Richard Clarke is another person whose material contributions to the country have been completely obliterated by the politics of vicious ripping and staunch defending of the Bush Administration. As I parse back through a large number of unfinished posts, this pattern is emerging - details that have become politically insignificant as the MSM, opposition, loyalists and blogosphere move their debates to new ground.

These days Petraeus is about to become another symbolic goat or hero in the same way. I am rather ashamed at how juvenile our democracy can become.

June 27, 2007

The number one thing that the CIA did that became known as the 'Family Jewels'? Well, you still can't know. But you can know a lot of the other things. My guess is that the worst possible thing that might be revealed is some complicity in the murder of King, X, Kennedy or Kennedy and probably through complicity with the FBI's complicity with local police. Which is to say perhaps some sources, but more likely methods were intentionally leaked from CIA to FBI and such info found its way into the wrong hands which acted in effective ways they otherwise could not.

This is my speculation given the 12 pages I've read of the newly declassified Family Jewels document released this week by the CIA.

The Roselli thing seems to be rather old news, or at least a secret that wasn't very well kept. There was plenty of Wikipedia on that guy long before the disclosure of this document. Basically, everybody knew in some way that the CIA was trying to kill Castro. No big deal in that release.

So where was Nosenko's jail? Hmmm. GTMO? Anyway, here's a guy out there debunking (for profit?) various aspects of the Nosenko legend. If I were particularly interested, I'd take an MD5 of that webpage and see if it changes within the next year.

The Mockingbird project seems almost tame considering the kinds of things that Chomsky would suggest that the CIA does or has done with respect to manufacturing consent. When I first read that book, I was convinced that the CIA was up to having plants at the NYT who were deep, deep undercover. And to tell you the God's honest truth there was always something about Jack Valenti that made me suspect that he was up to a lot more than he let on.

All of this divulging is good, of course. There will certainly be people who will take the time and effort to get through this large document to adjust their understanding of various CIA dirty laundry. But as various folks pick through it, I am brought to mind of the various firewalls that AG Ashcroft mentioned during his testimony about 'connecting the dots' and Homeland Security. I thought he was being particularly scrupulous in an environment of fingerpointing and political spin. The interests that enjoyed portraying the government as corrupt and stupid, especially those who find 'military intelligence' an oxymoronic joke appeared ever so willing to bulldoze those firewalls in the days of Ashcroft's complaint. That these revelations of piercing that veil remain high on the list of CIA faux pas (is 'faux' plural and singular?) suggests to me that these firewalls are taken very seriously.

But it also suggests to me that like the NSA, there are probably other agencies which "do not exist" who are less restrained. The AGs office must certainly know. We don't do jack without attorneys.

By the late 1950s the Ford Foundation possessed over $3 billion in assets. The leaders of the Foundation were in total agreement with Washington's post-WWII projection of world power. A noted scholar of the period writes: "At times it seemed as if the Ford Foundation was simply an extension of government in the area of international cultural propaganda. The foundation had a record of close involvement in covert actions in Europe, working closely with Marshall Plan and CIA officials on specific projects" (Ibid, p.139). This is graphically illustrated by the naming of Richard Bissell as President of the Foundation in 1952. In his two years in office Bissell met often with the head of the CIA, Allen Dulles, and other CIA officials in a "mutual search" for new ideas. In 1954 Bissell left Ford to become a special assistant to Allen Dulles in January 1954 (Ibid, p. 139). Under Bissell, the Ford Foundation (FF) was the "vanguard of Cold War thinking".

One of the FF first Cold War projects was the establishment of a publishing house, Inter-cultural Publications, and the publication of a magazine Perspectives in Europe in four languages. The FF purpose according to Bissell was not "so much to defeat the leftist intellectuals in dialectical combat (sic) as to lure them away from their positions" (Ibid, p. 140). The board of directors of the publishing house was completely dominated by cultural Cold Warriors. Given the strong leftist culture in Europe in the post-war period, Perspectives failed to attract readers and went bankrupt.

The collaboration isn't shocking, and today we already know what's up with Scaife and Right Radio. But you gotta admit it's a bold, if not particularly effective idea whose time will inevitably return.

June 06, 2007

For about the fourth time, I have put together a PGP arrangement. As usual, I wonder if there is anything at all that I know which is worth protecting and communicating. I know that there is, the problem is that there is nobody worth communicating it to.

I confess that I am drawn to spies and, to a lesser extent, priests. They hold in their heads ideas that are worth killing and dying for, and yet unlike writers and intellectuals of other sorts, they are restrained by ethical virtues from gaining any notoriety, wealth or respect from the dissemination of said ideas. Anyone can blurt the beautiful and be blessed, but there is nothing so frighteningly powerful, I think, as an idea whose time may very well never come. They are the reverse of us who clamour for glory and vindication.

The other day, NPR was interviewing a physicist who had recently become curator of the LA Natural History Museum. I think she is bound to turn that stately place into another popular, bright something-a-torium with a McDonalds. But I tend to think she is not the proper physicist. That is to say, nuclear secrets are the most haunting creation of the last 100 years. They are obscured by their own inherent complexity and by extraordinarily well-funded apparatuses of security. I would think that a proper physicist would spend as much time as possible in close proximity to those touchstones. But she struck me as a pure scientist in search of order and wonder and discovery. I might be defective in my attraction to the forbidden fruits of the world's most highly guarded mysteries.

In my own profession I have been astounded by the lack of security. I basically have had access to the financial data for every company I've worked for for the past 20 years. None of them have ever employed a system to keep that data out of the hands of IT personnel. It's a strange thing when you think about it, you trust the implementation of security to people who should actually never have access to the thing which you are securing. It's a small problem that might have been addressed somewhere but not often, and maybe not well.

So I conclude that I don't know jack.

There is no inherent value in anything. Somebody has to desire it. Then that means somebody has to be aware of it. Part of the difficulty in security is that people have to recognize that something is of value to someone else before it is secured. And unless there is some kind of healthy market for contraband, most valuables are not really valuable. It's the old paradox which is that it's much harder to get 50K in cash than it is to get 5 million in bonds, because everybody knows what to do with 50k in cash but only a few know what to do with 5 million in bonds. The bond market may have high barriers to entry, but I seriously doubt that bond traders are scrutinized as thoroughly as people asking for a second on their house. But what do I know, I can't get either. The point stands however, I'll use a different example. It's easier for me to bum 20 for lunch off a colleague than for an actual bum to get spare change. It's all about the exchange.

So what might be secured is not secured because nobody understands the value. Conversely some things that are obviously valuable and secured are difficult to sell because markets are small and illicit. How might one go about selling corporate secrets, for example? I think it's something that perhaps only attorneys understand, living as closely as they do to what is and is not prosecutable.

There's another interesting twist on this subject which is the value of knowledge. That has to do with the ability of a resume to convey what is true about one's experience and knowledge, versus what is valuable about one's experience and knowledge. My current resume only goes back to 1988, but it could go back to 78. I can't know what I might gain or lose by exposing that part of my life. Indeed how much of one's life is for sale in a resume? I think I lack the one thing that would make some of the details irrelevant, which is a Summa from an Ivy League. That kind of BA would be just fine for my temperament.

There's a fundamental aspect of intelligence and privilege which defines our meritocracy and corrupts it. That is that smart people get to do what they want to do. They don't get proper scrutiny. And yet when they do, we kind of hate it don't we? It didn't matter how qualified Paul Wolfowitz' girlfriend was, nor how much money she could have objectively made with her skills anywhere in the world. Everybody got to have a turn at bat when she became a political pinata.

They say it's not what you know but who you know. The problem is that when you get to know a lot about something, there are fewer and fewer 'whos' to know. It's easy to get trapped in a hierarchy of knowledge that restricts your ability to cash in on your knowledge. Often it's necessary. You must build value into something by keeping everybody in the loop at a low cost with low liquidity until it's time to sell.

May 02, 2007

It starts with 09 and ends with C0. It's a 128-bit key that unlocks, given the proper software, all encrypted HD DVDs and Blu-ray discs. I was made aware of it just this morning, not quite by accident, but because I'm a news junkie and I have software agents that find stuff for me. Given that, it only took me a couple minutes to find the code I need to crack the AACS protection scheme. I'm not going to publish it, that would be unethical, like publishing Richard McBeef or Nick Berg's beheading. But it is a fascinating thing.

In the latest battle between the hackers and the hacked, the hackers have won. But the hackers should win because this is a war over the right to know. Interestingly enough, here in my ancient hotel with only 20 channels of television, this parallels an episode of Dr. Phil that I was forced to watch last night out of pure boredom. Some chick and some dude were on an episode of 'Is this Normal?', which I imagine to be a regular segment for Dr. Phil. And the chick was obsessing over whether or not the dude was cheating on her. So she would text him 80 times a day to see where he was, demanded his passwords to his PC, checked all of his personal and work email, checked to see how much gas he used in his car and even checked the position of the passenger seat in his car. She was hacking him obsessively because she desperately needed a daily assurance that he wasn't cheating. There was basically no trust in the relationship. She felt she had a right to know.

Besides the fact that dude was a total doormat it's clear that the provocation was the chick's fault. But in the case of hackers, their provocation is necessary. That's because, as was shown in the DeCSS case, students need to be able to communicate security. Now simply because it's widely known that classrooms are hacked for the sake of DVD piracy doesn't mean you can restrict that speech. Part of the outrage, if any, that will ensue from the decisions of Digg and others to stand by the free speech argument is that relatively few people pay attention to other hacked classrooms.

Given a healthy or morbid obsession, everything can be hacked. You should always assume that somebody somewhere wants to hack you, what you know and what you do. But the crazy part is, like the obsessive chick, they really don't want to leave you.

Obligatorily, I think it's unethical for me to publish the number because I'm not involved in the business or avocation of teaching security or low level programming, but I think it's clearly ethical for those who are.

February 25, 2007

I walked all over Philly today. I still don't know all the places I've been.

I started at my hotel and went around the corner to The Bourse. A bunch of kids were out of school evidently. I couldn't find a sweatshirt appropriate for my collection. So I circled the place a couple times. Then I headed downstairs to the little bookshop. I figured they could tell me where I could get to a public internet place. None of the branches of the Philadelphia Public Library shows up on Google Maps, and me without a functional air card or power cord for my laptop. That was at Fourth and Ranstead. She said the library was at 7th and Chestnut. OK. Easy enough.

So I headed out and wound up at the Mall. I decided to snap some pictures since this time I brought the Olympus. I walked around the Liberty Bell building and acted suspiciously in front of the guards. I don't know why I do that, but whenever I enter a security situation, I start evaluating the security. There were guards on every corner and I got pictures of most of their positions without looking as if I was. Actually, I think the security is pretty good around Independence Hall and the Liberty Bell. From what's visible however, a determined assailant team could do damage. Anyway. I got a phone call and handled some business as I walked around the Liberty Bell building. Then I headed up to 7th.

At 7th there was no library, but there was a police station. So I went into the lobby and asked for directions. The library was half a block north. There were three officers in the substation. One had his feet up on the desk.

The library was closed earlier that week because of a broken water pipe but it was open and I sat down to the terminal. I needed a library card, but they gave me a visitors pass after eyeballing my California drivers license. The pin code was 5688. I logged on. There was a 33 minute timer. My assignment was to find a FedEx code to send to the Spousal Unit in order for her to mail a borrowed laptop (the one whose high quality wireless and battery life would have obviated this trip to the library) back to the vendor. The desktop was wrapped in a secure wrapper and I pulled up IE. The connection was so pitifully slow that it took me about 20 minutes to do just a few things. I couldn't even use Google chat for a moment. But I did get the addresses of some real internet cafes. I put them in the Treo and booked up.

Next thing I need is a little lunch, so I stopped at a Quiznos. My destination was the Cosi at 12th and Walnut. According to the website I found, this was an internet Cafe. I got there, but it was basically just like the other Cosis I'd seen. A coffee shop with big comfy chairs. So I snapped some pictures. The other locations were way over at U Penn and not within walking distance, so I'd need some cash. I looked up Bank of America. Walnut and Broad. Good. I can walk there.

At Walnut and Broad, there is no B of A, but there is a Wachovia, a huge one. I walk in singing Sade and check out the huge slabs of marble. Nice. Looks like a bank. I get 80 bucks and curse under my breath for having to pay the 2.50 fee. This time it's getting kind of cold, and I'm still just wearing a t-Shirt under my ski jacket. The wind is cutting me up. Fortunately, there's a Banana Republic across the street and today is payday. What the heck.

While I'm shopping, Spence calls me up. I'll probably be hooking up with him tomorrow or Sunday in Baltimore. That's going to be off the hook. Meanwhile I got me a sweater. So now I'm warm and am heading towards Rittenhouse Square. I snapped many pictures on the way including two of my favorite joints, Mahogany and Alfa. By the time I got to the square my camera hand was frozen stiff. I took a few more of Trinity Church which was closed and continued down towards my destination, the Ants Pants Cafe on South Street near 22nd.

I turned the wrong way on 22nd, and for some reason I thought that Ants Pants was near U Penn. So I ended up all the way over at Race Street before I pulled out the Palm and tried to get my bearings. I thought I was going West but I was going North. Now I'm at the Franklin Institute. What? I grab a cab and 7 bucks later I'm at Ants Pants. It's 4pm and they're closing. It's just a coffee shop hole in the wall, not a real internet cafe. Crap. I buy a coffee and head towards Digital Age. That's got to be the right place. 1818 S 13th Street right? That's a hike from 22nd and South Street. But I start hiking.

By the time I get to Passyunk and 13th, I can tell that this cafe does not exist. Now my feet hurt, and I'm pissed. So I head back to Broad Street where at least I know that I'm only a few minutes away from a cab. So I cab it back to my office and I write this.

December 22, 2006

DMC is not devastating mic control in this case. It's Disproportionate Minority Contact - a regime that seeks to answer with statistical reporting the following questions.

Are there differences in the rates of contact (e.g., arrest) based on race/ethnicity? If so, at what stages of the justice system are these differences more pronounced?

Are there differences in the processing of juveniles within the justice system based on race/ethnicity? If so, at what stages of the justice system are these differences more pronounced?

Are the racial/ethnic differences in contact and processing similar across jurisdictions within a state? If not, in which jurisdictions are these differences more pronounced?

Are the differences in contact and processing similar across all racial and ethnic groups? If not, which groups seem to show the greatest differences?

Are racial/ethnic differences in contact and processing changing over time?

Now here's the opening qualification taken directly from the same manual. I'm going to put it in bold so that you don't overlook it.

It is important to note what is not included at this stage: any attribution about the reasons for the differences. Therefore, the identification phase of information neither describes the reasons for any differences that occur nor creates strategies to reduce those differences.

In other words, although they can say with great precision that they are observing race, they cannot and will not say at all whether or not they are observing racism. So therein may be answers to what and perhaps how, but not why? Except that why is a presumption that plays into the politics of counting noses by race anyway. Essentially people are invited to speculate why and your guess is as good as mine.

Me? I was trolling for data. It is my job actually to make the meaning of such numbers plain and accessible, so I may as well have some fun doing it. The problem is that this data is dirty. They don't say that in so many words, they say it with too many words. Take the following paragraph as an example:

Studying More Jurisdictions and More Categories of Youth and Offenses

States may use the basic RRI method described above to extend the number of jurisdictions to be studied, subdivide the types of youth being studied, and subdivide the types of offenses (and other features) being studied to broaden their analysis of DMC issues. Each such refinement adds analytic power and specificity to the search for ways in which to address DMC issues. A few examples of such refinements would include separate identification analysis for males and females or for older and younger age groups. The logic that jurisdictions might use to justify such endeavors would be that there is some additional contact risk that attaches to younger (or older) male youth. Likewise, jurisdictions might add additional stages to the basic RRI model to track the implementation of specific additional statutory provisions such as the application of determinate sentencing or of automatic transfers to adult court for some offenses. For such policies to be fruitful for analysis, states would have to demonstrate that the policies actually apply to a substantial number of youth. In a similar fashion, it might be feasible to conduct the RRI analyses separately for various classes of offenses, such as those involving crimes against persons, property, drug offenses or public order. Again, the need is to ensure that a sufficient number of cases are processed to make the search for patterns potentially fruitful. If one is engaged in analysis of subsets of offenses, it is also necessary to recognize that the processes of plea-bargaining and diversion programming may lead to situations in which the classification of an offense changes as the case proceeds through the systems.

In short they know race but they don't know gender. They also don't know crime, nor do they have a good taxonomy for the crimes. They don't know age, nor do they have a taxonomy for aging. They don't have attributes for charges or sentencing.

Now it's true that a brother like me gets 250 an hour building analytical systems. Now you know why I get no municipal government work. Their data is weak. You cannot make sound analytical decisions on data this dirty and arbitrarily qualified. I know that sounds like a dismissal but you do grow a sense about these things after 20 years in the business. More's the pity. It almost makes me want to join Connerly.

Connerly's quest of eliminating all racial data collection is fraught with the peril of knowing too little and disabling analysis altogether. Yet there is the peril on the other side which is that of 'knowing' too much about very dense and well-qualified data sets. These aren't data, these are people. And as much as I'd love to march every human on the planet through a 48 byte universal identifying system I know that runs the serious risk of treating people like things we think we can all too easily abstract. Of course there are greater risks in the world, and somehow I think we'll end up doing that anyway.

I'm for adding more and more data to a singly authenticatable person. This is one of the reasons I don't blog anonymously. And I think people should be able to assume multiple pseuds which link (under their control) to their root, unchangeable one.

When you really recognize how difficult it is to get simple demographic information correct, it makes you wonder how much of what we think we know about each other's digital information is just wrong, wrong, wrong.

One of my original angles on surviving the threat had to do with my basic understanding that in a crisis, people accelerate what they already do, and that experts are not likely to change their behavior. However the people, having no prior experience or knowledge, are most likely to change their behavior. Consequently, the best way to leverage the power of the US would be in terms of self-defense, i.e. millions of Americans doing something slightly different. (Like buying tube socks or duct taping windows). But seriously, an immunized public is the greatest defense against asymmetrics. The theory is that if one terrorist can do X, then one civilian can do 1/x.

Since the media has decided to scare everyone with predictions of
chemical, biological, or nuclear warfare on our turf I decided to write
a paper and keep things in their proper perspective. I am a retired
military weapons, munitions, and training expert.

Lesson number one: In the mid 1990s there were a series of nerve gas
attacks on crowded Japanese subway stations. Given perfect conditions
for an attack less than 10% of the people there were injured (the
injured were better in a few hours) and only one percent of the injured
died.

60 Minutes once had a fellow telling us that one drop of nerve gas
could kill a thousand people, well he didn't tell you the thousand dead
people per drop was theoretical.

Drill Sergeants exaggerate how terrible this stuff was to keep the
recruits awake in class (I know this because I was a Drill Sergeant
too). Forget everything you've ever seen on TV, in the movies, or read
in a novel about this stuff, it was all a lie (read this sentence again
out loud!). These weapons are about terror, if you remain calm, you
will probably not die. This is far less scary than the media and their
"Experts," make it sound.

Chemical Weapons

Chemical weapons are categorized as nerve, blood, blister, and
incapacitating agents. Contrary to the hype of reporters and
politicians they are not weapons of mass destruction they are "area
denial," and terror weapons that don't destroy anything. When you leave
the area you almost always leave the risk. That's the difference; you
can leave the area and the risk but soldiers may have to stay put and
sit through it and that's why they need all that spiffy gear.

These are not gasses, they are vapors and/or air borne particles.
The agent must be delivered in sufficient quantity to kill/injure, and
that defines when/how it's used. Every day we have a morning and
evening inversion where "stuff," suspended in the air gets pushed down.
This inversion is why allergies (pollen) and air pollution are worst at
these times of the day.

So, a chemical attack will have its best effect an hour or so
either side of sunrise/sunset. Also, being vapors and airborne
particles they are heavier than air so they will seek low places like
ditches, basements and underground garages. This stuff won't work when
it's freezing, it doesn't last when it's hot, and wind spreads it too
thin too fast. They've got to get this stuff on you, or, get you to
inhale it for it to work. They also have to get the concentration of
chemicals high enough to kill or wound you. Too little and it's
nothing, too much and it's wasted.

What I hope you've gathered by this point is that a chemical weapons
attack that kills a lot of people is incredibly hard to do with
military grade agents and equipment so you can imagine how hard it will
be for terrorists. The more you know about this stuff the more you
realize how hard it is to use.

We'll start by talking about nerve agents. You have these in your
house, plain old bug killer (like Raid) is nerve agent. All nerve
agents work the same way; they are cholinesterase inhibitors that mess
up the signals your nervous system uses to make your body function. It
can harm you if you get it on your skin but it works best if they can
get you to inhale it. If you don't die in the first minute and you can
leave the area you're probably gonna live. The military's antidote for
all nerve agents is atropine and pralidoxime chloride. Neither one of
these does anything to cure the nerve agent, they send your body into
overdrive to keep you alive for five minutes,
after that the agent is used up. Your best protection is fresh air and staying calm.

If you are in public and you start experiencing these symptoms,
first ask yourself, did anything out of the ordinary just happen, a
loud pop, did someone spray something on the crowd? Are other people
getting sick too? Is there an odor of new mown hay, green corn,
something fruity, or camphor where it shouldn't be? If the answer is
yes, then calmly (if you panic you breathe faster and inhale more
air/poison) leave the area and head up wind, or, outside.

Fresh air is the best "right now antidote." If you have a blob of
liquid that looks like molasses or Karo syrup on you; blot it or
scrape it off and away from yourself with anything disposable. This
stuff works based on your body weight, what a crop duster uses to kill
bugs won't hurt you unless you stand there and breathe it in real deep,
then lick the residue off the ground for a while. Remember they have to
do all the work, they have to get the concentration up and keep it up
for several minutes while all you have to do is quit getting it on
you/quit breathing it by putting space between you and the attack.

Blood agents are cyanide or arsine which affect your blood's ability
to provide oxygen to your tissue. The scenario for attack would be the
same as nerve agent. Look for a pop or someone splashing/spraying
something and folks around there getting woozy/falling down. The
telltale smells are bitter almonds or garlic where it shouldn't be. The
symptoms are blue lips, blue under the fingernails, rapid breathing.

The military's antidote is amyl nitride and just like nerve agent
antidote it just keeps your body working for five minutes till the
toxins are used up. Fresh air is your best individual chance.

Blister agents (distilled mustard) are so nasty that nobody wants to
even handle it let alone use it. It's almost impossible to handle
safely and may have delayed effect of up to 12 hours. The attack
scenario is also limited to the things you'd see from other chemicals.
If you do get large, painful blisters for no apparent reason, don't pop
them, if you must, don't let the liquid from the blister get on any
other area, the stuff just keeps on spreading. It's just as likely to
harm the user as the target. Soap, water, sunshine, and fresh air are
this stuff's enemy.

Bottom line on chemical weapons (it's the same if they use
industrial chemical spills); they are intended to make you panic, to
terrorize you, to herd you like sheep to the wolves. If there is an
attack, leave the area and go upwind, or to the sides of the wind
stream. They have to get the stuff to you, and on you. You're more
likely to be hurt by a drunk driver on any given day than be hurt by
one of these attacks. Your odds get better if you leave the area. Soap,
water, time, and fresh air really deal this stuff a knock-out-punch.
Don't let fear of an isolated attack rule your life. The odds are
really on your side.

Nuclear Weapons

Nuclear bombs. These are the only weapons of mass destruction on
earth. The effects of a nuclear bomb are heat, blast, EMP, and
radiation. If you see a bright flash of light like the sun, where the
sun isn't, fall to the ground! The heat will be over a second. Then
there will be two blast waves, one outgoing, and one on its way back.
Don't stand up to see what happened after the first wave; anything
that's going to happen will have happened in two full minutes.

These will be low yield devices and will not level whole cities. If
you live through the heat, blast, and initial burst of radiation,
you'll probably live for a very, very long time. Radiation will not
create fifty foot tall women, or giant ants and grass hoppers the size
of tanks. These will be at the most 1 kiloton bombs; that's the
equivalent of 1,000 tons of TNT.

Here's the real deal, flying debris and radiation will kill a lot of
exposed (not all!) people within a half mile of the blast. Under
perfect conditions this is about a half mile circle of death and
destruction, but, when it's done it's done. EMP stands for Electro
Magnetic Pulse and it will fry every electronic device for a good
distance, it's impossible to say what and how far but probably not over
a couple of miles from ground zero is a good guess. Cars, cell phones,
computers, ATMs, you name it, all will be out of order.

There are lots of kinds of radiation, you only need to worry about
three, the others you have lived with for years. You need to worry
about "Ionizing radiation," these are little sub atomic particles that
go whizzing along at the speed of light. They hit individual cells in
your body, kill the nucleus and keep on going. That's how you get
radiation poisoning, you have so many dead cells in your body that the
decaying cells poison you.

It's the same as people getting radiation treatments for cancer,
only a bigger area gets radiated. The good news is you don't have to
just sit there and take it, and there's lots you can do rather than
panic. First; your skin will stop alpha particles, a page of a news
paper or your clothing will stop beta particles, you just gotta try and
avoid inhaling dust that's contaminated with atoms that are emitting
these things and you'll be generally safe from them.

Gamma rays are particles that travel like rays (quantum physics
makes my brain hurt) and they create the same damage as alpha and beta
particles only they keep going and kill lots of cells as they go all
the way through your body. It takes a lot to stop these things, lots of
dense material, on the other hand it takes a lot of this to kill you.

Your defense is as always to not panic. Basic hygiene and normal
preparation are your friends. All canned or frozen food is safe to eat.
The radiation poisoning will not affect plants so fruits and vegetables
are OK if there's no dust on em (rinse em off if there is). If you
don't have running water and you need to collect rain water or use
water from wherever, just let it sit for thirty minutes and skim off
the water gently from the top. The dust with the bad stuff in it will
settle and the remaining water can be used for the toilet which will
still work if you have a bucket of water to pour in the
tank.

Biological Weapons

Finally there's biological warfare. There's not much to cover here.
Basic personal hygiene and sanitation will take you further than a
million doctors. Wash your hands often, don't share drinks, food,
sloppy kisses, etc., .... with strangers. Keep your garbage can with a
tight lid on it, don't have standing water (like old buckets, ditches,
or kiddie pools) laying around to allow mosquitoes breeding room. This
stuff is carried by vectors, that is bugs, rodents, and contaminated
material. If biological warfare is so easy as the TV makes it sound,
why has Saddam Hussein spent twenty years, millions, and millions of
dollars trying to get it right? If you're clean of person and home you
eat well and are active you're gonna live.

Overall preparation for any terrorist attack is the same as you'd
take for a big storm. If you want a gas mask, fine, go get one. I know
this stuff and I'm not getting one and I told my Mom not to bother with
one either (how's that for confidence). We have a week's worth of cash,
several days worth of canned goods and plenty of soap and water. We
don't leave stuff out to attract bugs or rodents so we don't have them.

These people can't conceive a nation this big with this much
resources. These weapons are made to cause panic, terror, and to
demoralize. If we don't run around like sheep they won't use this stuff
after they find out it's no fun. The government is going nuts over this
stuff because they have to protect every inch of America. You've only
gotta protect yourself, and by doing that, you help the country.

Finally, there are millions of caveats to everything I wrote here
and you can think up specific scenarios where my advice isn't the best.
This letter is supposed to help the greatest number of people under the
greatest number of situations. If you don't like my work, don't nit
pick, just sit down and explain chemical, nuclear, and biological
warfare in a document around three pages long yourself. This is how we
the people of the United States can rob these people of their most
desired goal, your terror.

September 06, 2006

So there's this place, you know, called the Salt Pit, you know? No you didn't know. You couldn't know, but now you know. Well, click here and you'll know. You'll know 'that', you can guess 'why', but you'll never know 'how' or 'to what extent'. That's why they call them secret prisons.

The CIA has been hiding and interrogating some of its most important
al Qaeda captives at a Soviet-era compound in Eastern Europe, according
to U.S. and foreign officials familiar with the arrangement.

The secret facility is part of a covert prison system set up by the CIA
nearly four years ago that at various times has included sites in eight
countries, including Thailand, Afghanistan and several democracies in
Eastern Europe, as well as a small center at the Guantanamo Bay prison
in Cuba, according to current and former intelligence officials and
diplomats from three continents.

Out here in the amateur paranoia zone, we had an inkling that such things existed. I mean, why wouldn't they? Astute paranoids can google this number N4476S and find interesting yet inconclusive facts. It's hard to hide aircraft.

Be all that as it may, we at Cobb expected as much. And I hope people start taking Posner's advice more seriously. Because you cannot just say to the world that you're going to bring people to justice, if you don't eventually bring them. So as long as we take prisoners, which in and of itself is an act of moral, civilized behavior, we're going to have to keep certain folks incommunicado. Sounds fair to me.

Clearly, the transparency of the American system is admirable. No wonder we have so many dissidents. They get their day. Oh and one more thing before knees start jerking. Congress knew.

August 31, 2006

Judge Richard Posner has made a rather startling insight in his podcast with Glenn Reynolds. It is a very simple idea to understand, and that is that given a choice between countering terror and protecting civil liberties, most courts in the US will protect civil liberties. That is because most judges in the US don't know much about countering terror, and judges tend to talk what they know. He suggests that what we need is a Counterterrorism Court. Something akin to what the French have is what I interpret, but I may be wrong. I'm not particularly fond of the nomenclature of an Inquisitorial Court, but then neither am I particularly sanguine about the prospects for a purely executive solution to terror.

I have argued that I expect that the more terrorist trials we hold in this country the better we will get at it. If the GWOT is to be refocused as an international police action we are going to have to do a better job of investigating. Posner opines that the FISA Court is really too narrowly focused on SIGINT to be broadly effective. I agree.

It is also becoming clearer to me that between what we have at Gitmo, old treaties, the Hamdan decision, it's a patchwork. I think there is a strong case for a new type of circuit court with new powers of investigation to handle the kinds of cases we are likely to encounter with Jihadists and non-state actors going forward. I think those who have, even under the influence of BDS, suggested that there is too much Executive power arrogated by GWBush are backing into the truth. I say that the Congress clearly isn't doing a decent enough job, and that anybody with gripes about Gitmo should be behind a new sort of judiciary power.

Everything is not war. War powers are not properly defined by precedent. GWB's latitude given the mistakes of Iraq has wasted life and resources. Posner is onto something.

So what kind of confidence can we have that a special court will focus on terror suspects and not be especially corrosive of civil liberty? Is Posner someone we could trust in this regard? If not, then who? Is having new powers assigned to the judiciary a road to hell? Is the French model worthy of emulation? Or will we just shoot Osama in the head and be done with it - i.e. a take no prisoners attitude towards Jihadism.

I am particularly fond of Bush's phrasing of bringing the enemy to justice. The same old justice won't do.

August 29, 2006

Although the British
government proclaimed itself neutral, its diplomats in Spain urged
support for the Nationalists. Britain froze all Spanish assets, an act
that affected primarily the loyalist side because the government had
transferred its gold reserves to Britain for safe keeping at the start
of the war. Similarly, the Anglo-French arms embargo hit the
Republicans disproportionately and did not prevent the Nationalists
from getting weapons from Italy and Germany. Britain also discouraged
activity by its citizens supporting the Republicans. The last
Republican prime minister, Juan Negrín, hoped that a general outbreak
of war in Europe would compel the European powers (mainly Britain and
France) to finally help the republic, but World War II would not
commence until months after the Spanish conflict had ended. Ultimately
neither Britain nor France intervened to any significant extent.
Britain supplied food and medicine to the Republic, but actively
discouraged the French government of Léon Blum from supplying weapons.

Where does American money go when our Republic is in jeopardy? I don't think I've thought of that scenario before. I mean our money isn't gold, it's 'numbers' in 'bank accounts'. But who is doing the backup to tape of the zillions of transactions? Lay that aside for a moment, and we'll get back to it.

The extent to which America is rich depends on our ability to transact. That is to say $30,000 in the bank feels good because we know that at any minute we can go purchase that new car. It matters that it's fungible. It doesn't matter to us if it's a money order, cashier's check, cash, credit card, credit union loan or backed out of home equity. It's fungible. And that is all consumer goods and services I'm talking about upon which a significantly large part of our GDP is based. But what is it? It's people paying a premium for Green Giant peas & pearl onions instead of the store brand. How much of our economic security is based on the meager but marketing-driven differences between plain-wrap and premium? If Americans actually sacrificed luxury and disposable-income type items, a zillion dollar economy would disappear.

It's a frightening thing to consider what our domestic world would be like if we didn't have so many millionaires who made their fortunes on suntan lotion or cheap sunglasses (echoing Neil Simon's Wax Fruit King from 'Come Blow Your Horn'). What would it take to get us culturally focused on national unity? I would greatly fear that hypno-toad.

But really. Where does the real money in real accounts go if the paperwork disappears? To the courts? New obligations materialize? Does the Army commandeer assets to keep moving? Is it gold? Diamonds?

Granted, we probably don't have to think about these things. But if there is an Islamic Bomb in our future, perhaps we do. I'm sure somebody already has, but what was the answer?

August 15, 2006

There's a bunch of fretting over the presentability of Crazy A's new blog. Well let me pre-empt the biggest bomb he can drop on American citizens and the West. What he can do, or anyone could conceivably do to undermine confidence of the American electorate in their government. That is to divulge American state secrets discovered by Iran.

Imagine a scenario in which some information about which the American insurgents at Kos or Firedoglake (for gratuitous example) were being widely denounced by the political powers that be, us. Let's say they argued in moonbatese that the Downing Street Memo for example was proof positive of some debatable point. We go back and forth with our various accusations of treachery and then Boom, the head of Iran drops a hot document onto his blog that provides corroboration. It would be an incredibly bold and destructive move, one that could further destabilize the chatting classes of the West. We already have ingrown mistrust of government and the mainstream media, what if our fears were confirmed by the enemy? What if the enemy becomes a more reliable source of transparency than our own government? What if, in order to keep our loyalty, our government had to lie about the truth other governments were divulging?

August 01, 2006

The full title to this blog post is 'Mel Gibson, Police Melodrama and the Declining Significance of Jury Trials', which is my way of parsing this very important paragraph over at Thought, Word & Deed.

There is more to this than is being discussed in the mainstream media.
It is why the mass media is not a source of news or information, but a
source of US policy imperatives. Those imperatives do NOT indicate
clearly what the US intends to do, but they do indicate what the US
wants people to believe.

That paragraph is not referring to Mel Gibson but rather some speculation about hidden motives in an energy war between China and the US. The gist: Hezbollah may not be the tip of an Islamic spear as far as the US is really concerned, rather it's all about China's new energy business with Iran that is the subtext. So if the headlines are full of blather about anti-semitism of Mel Gibson, it's all about preparing Americans to support Israel.

But I'm not so much worried about an energy war with China as I am the possible disintegration of the court system. Is our desire for swift justice so achy breaky that we swarm over scribbled police reports in order to pontificate? Uh.. yeah. So Christopher Hitchens is declaring him guilty and Disney executives are declaring him not guilty. That's the real trial that's going on here, forget what the cops and attorneys and court think this is about.

Scary?

If you think that's not scary, then try to ignore the story. If you're reading this blog, you're already too well informed, so count the number of times and angles from which it drones.

July 13, 2006

Electronic Arts has announced that it has confiscated approximately 15
trillion gold pieces from within its long running PC massively
multiplayer online role-playing game (MMORPG) Ultima Online, which the company claims was obtained “through the abuse of bugs or exploitation of game mechanics”.

July 02, 2006

USA Today has been duped. They are now retracting their claims after retracing their steps. Apparently, they cannot come up with any evidence of a contractual agreement between the accused telcos and the NSA.

Based on its reporting after the May 11 article, USA TODAY has now concluded that while the NSA has built a massive domestic calls record database involving the domestic call records of telecommunications companies, the newspaper cannot confirm that BellSouth or Verizon contracted with the NSA to provide bulk calling records to that database.

Now if I was a spymaster at the NSA and it was my job to give the agency plausible deniability, this would be a happy day for me. And you can be sure that if Arthur Andersen can shred records for Enron, the spymasters who may have arranged to suck the data out of the telcos are an order of magnitude more stealthy.

What I've learned from reading Kolb is that there are pros in the world of stealth that know how to make money rather untraceable. And it seems to me that one of the first things one would do in order to make such trails hard to find is to use proprietaries and cutouts. A proprietary is a company that does the business for an agency like a subcontractor. A cutout is a person that does a job but doesn't necessarily know who he is doing it for. Then of course there are just thieves for hire or blackmail. Somebody who does a bit of dirty work and then is gone.

So here's how you do it. Maybe. You set up a company, say in Italy. It's a telecom and you buy the super sniffing hardware and software. You get your engineers to customize the software. You fold the company and disperse the assets to a cutout. The cutout's well-insured building burns down and the insurance claim says 'electronic equipment'. Now the asset is effectively destroyed. Only it didn't. It just disappeared and what burned in the fire was an ordinary PBX.

Next you find out interesting places where contractors and subcontractors have access to ports of entry into telecom and one day one of the normal contractors is out sick and your replacement dude puts in the wires. 'Out sick' means maybe he accidentally got a flat tire and the 'dispatcher' said don't worry we'll send another guy.

Now you've got the super hardware in place, you've got the deniability on the actual asset sold by the legitimate sniffer company. Now you paper up your front-end. Which is to say, you make official overtures to try and accomplish through above board channels what you've already secretively done. This insulates both parties whether or not such overtures are accepted. If they are, all the better, you have a second source with which to validate your secret source.

I would be ashamed and embarrassed if our intelligence organizations weren't clever enough to jack USA Today and the NYT. So let the NYT have its moment of treacherous glory. Remember, the more incompetent the CIA appears, the more dangerous it actually becomes.

July 01, 2006

Every day at work, and sometimes during lunchtime on my Treo and often at home, I am working IT systems to the bone. I'm usually the guy who understands what's going on in the log files and other strange places where users and developers don't go. I swear just the other day, I was looking to see if a particular employee tasked to our project was responsible for erasing data in one of our many databases. I was getting an IM from the guy who asked for this information just as said employee was walking into my office.

Maureen Dowd is right about one thing. There's a whole lot of rebooting going on. But these systems are far more capable, sophisticated and flaky than most people can even think of understanding.

At the moment I am struck by how people are using the '24' fantasy of CTU as a club against the awkward reality of the FBI and their inability to connect the dots. For the sake of hypocrisy, I hope these aren't the same people who grumble aloud about domestic surveillance. When it comes to domestic surveillance, critics seem to think the intelligence agencies are capable of panoptic evil, i.e. spying on you and me and knowing who is on our friends and family calling plan. But when it comes to finding Osama, the intelligence agencies are bumbling Keystone Kops of the first order.

I was thinking about the difference made by inserting an anonymizing lookup table in the middle of a downselect for terror suspects or other data mining targets. In theory, such a thing is relatively simple. In practice, it's just another moving part. As we in the systems business know, everything that can go wrong, will go wrong, and the more moving parts you have, the more likely something is to go wrong, the harder it's going to be to figure out what went wrong, and the more difficult it is to fix when it does. Beyond that, when things go wrong, the temptation is always to fix, rather than redesign and rebuild. That's what gets us systems guys in trouble.

But anybody who watched the famous hacker qualification scene in the film 'Swordfish' knows the kinds of situations that we systems people are put in when somebody wants something done NOW. If you haven't, suffice it to say that the pressure can be enormous, and often unrealistic.

So it came as no surprise that one of the earlier versions of the domestic surveillance programs did indeed have the provision for anonymization of records to be searched but the idea was dropped. But the simple insertion or deletion of such anonymization procedures isn't all that has to be done when a functional decision is made to go one way or another. There are consequences of being willfully blind in a system designed to find things for you.

June 10, 2006

I've gone through a bunch of crap recently with Bank of America. Apparently they are yet another in the line of dupes who have been namejacked. I hereby invent the meme, namejack, btw. 'Identity Theft' is so legalese. And so, about a month ago I discover that all of my cards have been locked and I suddenly was transported back to 1982 when there were no ATMs and on Friday you had to get to the bank with your checkbook in hand so that you'd have enough cash to get through the weekend. The problem was that nobody told me about it until I was running late for work one day trying to get my car out of the shop.

The guy runs my ATM and it rejects. What? Admittedly 900 bucks isn't peanuts, but I had more than double that when I checked the account by phone just before the Spousal Unit dropped me off. I can't explain it, I don't know what's going on, I'm just standing there like a putz in front of the guy with greasy hands. And quite frankly, let me tell you something, I'd trade places with homeboy in a heartbeat. Think about it, he's got a parking lot full of Benzs and BMWs right on Pacific Coast Highway in Manhattan Beach. He doesn't work weekends, and it took him a day to turn around my 900 dollar job, netting him some 400 odd in labor. It's like being a ski instructor in Vail. Anyway, I decide to use the company expense card which has no ceiling, and then I get my butt chewed out for that one month later.

Bank of America was at least being proactive, the problem was that they got to the Spousal Unit before they got to me. Now we're enrolled in some scam that cost us 200 bucks. She, like millions of others, forgot to opt out. So I had to spend an hour on the phone getting my online banking running again. So today they hit me again, proactively, and force me to change my password.

I did so, using one generated by Schneier's PasswordSafe, which is one of the best pieces of software on Windows. Just to make sure, I thought of a cool idea. I wobbled over to another machine (thinking about caches here) and entered the password into Google Search. I figure if Google never heard of it, I'm probably pretty safe, considering that every published password cracklist is on the web, and Google has likely seen it.

You may remember the old George Carlin joke. He said, "I'm going to say a combination of words that you've never, ever heard before. Listen. You've never heard anybody say this: I'm going to take this red hot iron poker and stick it up my ass." It's true of course. Before that moment at the comedy club, I'd never heard anyone say that. But it's a good way to remember that if you're going to use non-generated passwords, you should at least Googlewhack it to be on the safe side. BUT. Don't do it on a machine that you own, or at least wipe the local cache on your browser.

Then again, if you're a glutton for punishment and want to get namejacked, go ahead and stick that hot iron poker of a stupid password.. Nobody is safe.

May 14, 2006

So the guys and I are standing in line at the Subway waiting for the tattooed slackers behind the counter to be done with the sandwich-making for the 3 people who have been in front of us for 15 minutes. The subject turns to the NSA in the news today. I fall back on a couple old saws.

Back in the Bubble days, we went through all this privacy crisis about cookies and who knew what about your websurfing habits. So since I was a sales guy I had to put the whole thing in terms of money and risk - things I figured my audience would understand. So I repeat them today, bottom line, the government doesn't want to invade your privacy half as much as you think they do, and you couldn't stop them if they did want to. The question lies primarily in understanding what your value is as a target of investigation.

So the cookies, credit cards and fear objection to shopping online went a little something like this (recall that this was when Orbitz was a startup). Your travel agent (that almost extinct creature) has all kinds of information about you. Multiple credit card numbers, what kind of rental car you like, what kind of food you like on the plane, what hotels you prefer, your home address and all that. If you're a business traveller, you'll spend thousands and thousands of dollars with this person that you will never see in your life. Now admit it, have you ever in life met your travel agent? So the question was, how much do you think companies pay to get information out of your travel agent? The answer is basically nothing. You volunteer up all that information for something called 'frequent flyer miles'. You (your company) basically have to spend about $20,000 for you to get something worth about $500. That's a real economy.

So my killer question was, how much do you think anybody is going to spend to find out information about you if you're just spending $300 a year online at Barnes & Noble? Very little. You're not worth it. If anybody is going to cheat you out of your credit card info, it's going to be that pissed off waiter getting paid minimum wage who watches you wolf down that gourmet meal at the restaurant when you undertip.

The other thing I pull out of my hat was my experience with Safeway. Now this was several years ago so I think I can break the silence. But basically they told us that all of that shopping cart data that was attached to your personal ID was collected, but it was too damned expensive to process. They had terabytes and terabytes of data but all the compute time it took to mine it for potential savings based upon the gathered information was so expensive in terms of expertise that it wasn't worth it to try and process it. They told us to shut up about it because they wanted their competitors to believe that they actually were doing it so that the competitors would buy the same huge Sun servers and Oracle software that didn't work for them. They just sat on top of the data and squirreled it away in hopes that someday data mining techniques and supercomputing would get cheap enough to do it. Safeway basically should have done what Walmart did, just forget marketbasket analysis and customer profiling and deal with basic supply and demand for the purposes of smarter pricing. Profiling is a much more difficult problem.

It might surprise you to know that there are, on average, about 16 thousand murders every year in the US. And I think it's reasonable to believe that NYC's clearance rate of about 2/3rds is probably typical. Considering the massive amount of resources America's largest city has to offer it is probably parallel to the federal effort at anti-terrorism. So here is another factor to deal with. If there are about 5000 unsolved murders in the US every year what can be predicted about the amount of terrorism we might foil, and given that we don't pre-empt them, how many terrorists will get away with murder? For the sake of argument, imagine that the Department of Homeland Security is twice as good at their job as the NYPD. That means we could expect that 17% of all terrorists will escape.

Anybody who watches Law & Order knows about LUDs. Anytime somebody is murdered, the first thing the detectives do is go to the phone company and get the records of who the last person was that the deceased talked to. They don't have the content of those conversations, just what number, who that person is who owns the number (but not any proof that the owner was the one talking) and how long the call was. According to what I've seen, a warrant isn't required in real life. And yet even with this tool, a maximum of about 70% of murder investigations are solved.

I would add one more talking point to this discussion which is obvious. The telephone companies already have this information. What rights do they have to it? What contract might have been breached in selling or giving away that information about your phone calls? What is the dollar value of that transfer of information and how much is it worth it to mine data about you?

Long ago when online banking first came to us, I envisioned a new kind of entity. I assumed that people would trust banks to be trustees for their digital deposits. I thought there might be such a thing as a digital safe deposit box in which you might secure your bits. It hasn't happened. The technology appropriate for that has been decentralized and you can do it yourself. However there isn't much protection easily applicable to your phone and other communications. What I think is needed is some kind of attorney-client privilege shield, the kind that hasn't been broken often, for such matters. One presumes that Google might have done well by the expectation of privacy geeks online, that may or may not be. But what is clear is that people have not been willing to pay for security in a way that might sustain such a bank as I envisioned, and it is unlikely to become a recognizable business any time soon. It will just be something that geeks know for the benefit of geeks but won't be successfully commercialized. At some point it could be, but how much would you pay?

To be snarky about it, I should ask what protections those people whining most loudly about their privacy concerns have taken to safeguard themselves. I ask those who bleat in fear of global warming why they haven't moved north to Canada. In the end, despite their complaints, they realize it's just not warm enough yet, besides moving would be too expensive. I say likewise the NSA isn't invasive enough and there's no money in it.

April 25, 2006

OK so I just wrote about how I have a good amount of confidence that we're going to survive a nuke or two on our major cities. Well, not explicitly, but I implied it. And I'm pretty sure that cancer is not going to kill us all off - in fact it makes us tougher. But what if there were something even more insidious and potentially deadly out there?

I am starting to discover what people think about me. My mind is fertile and lots of ideas are capable of taking root and growing there. In other words, my head is full of steer manure. As if I didn't have enough to concern me, an old buddy I met here in Vegas has got something growing under his fingernails that he scratched into me. Nanobiotech.

Nano who? OK here's the deal and we'll go straight to the scary part. What if you were a mad scientist bent on destruction? With nanobiotech you could conceivably manufacture Marburg in your garage. Or if you were bored and a tiny bit more clever, you could give the Bird Flu virus just the kick it needs to be transformed into something that passes from birds to humans. Not that it would necessarily be deadly in the communicable form, but you certainly wouldn't take the blame. Most of the planet already thinks it is inevitable. Play god by doing science.

The problem of the 21st century is what to do with the power that will soon trickle down to elite cliques. There used to be a time when the kind of doing that got respect and power in this world, was the doing done by very large organizations. If you wanted to accomplish something of significance and note in the world, you had to have several hundred million dollars and several hundred bureaucrats, logicians and assorted henchmen at your command. Well that's still the case, except that there are a lot more individuals who have those kinds of resources at their disposal, and it is not altogether clear that they are as well regulated by the force of nations any longer. Of course there are billionaires in the mix too. This level of player is not so well tethered by the would-be Leviathans of society. And while human beings are still meatbags with particular weaknesses, a couple cliques with people like Marc Rich or George Soros in them can wreak interesting havoc.

Since we still live in an era of Scientific Animism, a general belief in progress and riches can collude with self-interest in dangerous ways. What if Bill Gates and a few of his best buds decided that we really need cloned sheep? What's a couple billion in research dollars? Not only a drop in the ocean of big governments but multinationals and global drug traders too.

So we know that there is ability out there. We could argue about motive forever. The bottom line is that sooner or later, especially if we elect another born-again pro-lifer who despises medical research of the godlike variety, some non-government entity is going to start engineering some very small potentially very dangerous microbes. I'm not paranoid, but I'm not falsely secure either. Government doesn't make it better, but it makes it slower so more people can figure out what's going on. In the case of nanobiotechnology, maybe that's the best thing.

Islam isn't the only force for radical change in this world which can splinter off into unhinged areas. Every billionaire and his tribe, every multi-millionaire and his country club / yacht club / health club contingent is a medium-sized disaster waiting to happen. They'll call it investment in biotech..

April 10, 2006

In the news today is the revelation that the NSA has been using something called a Narus 6400, which I take to be a very high capacity and fully programmable packet sniffer, to intercept massive amounts of data from AT&T and one presumes, a bunch of carriers in order to pursue the President's initiative on connecting the dots.

We know that Congress has been briefed and we have the assurances of key 'critters that the scope of these investigations, while pushing the envelope of the FISA warrant protocol, is most certainly aimed at terrorists and their associates. So while there are plenty of folks who appear permanently outraged, an interesting question did pop up over at Kevin Drum's joint.

Data mining means what you do with the data after you've collected it. You use statistical analysis and other techniques to discover relationships and patterns, on the basis of which you can take further action.

Where did you get the data? That's what is at issue. They got the data illegally without a warrant. THEN they used data mining to narrow the scope of their privacy invasion, so that they could get more data illegally without a warrant.

Kevin Drumfuk, the ex marketing guy, knows enough about marketing to be dangerous. By dismissing all this as "data mining" he has led countless other moderates to be relatively unconcerned about this NSA thing -- except for the technical issue of Bush not obtaining warrants for the deeper penetration.

It was logically clear from the beginning why Bush didn't go for the warrants. He couldn't, because the evidence he would have had to use to justify the warrants had been illegally obtained in the first place, by wide-scale and indiscriminate wiretapping. Whether they used sophisticated data mining strategies or just plain common sense doesn't matter. It was illegal from the word go.

Once you cut through the screaming, the question boils down to this. If you're tasked with catching and skinning only blue fish, is it legal to use a net that catches every colored fish? The common sense answer is (whether or not the legal answer is) that so long as you throw the other fish back, it doesn't matter. Or does it?

What little I know about domestic surveillance I learned chasing down some arguments about how the LAPD or FBI might deal with a drug dealer, as well as when the discussion was on Carnivore. Basically, when you tap the wire you tap the entire wire - i.e. you use the big net. While you listen, and tape, the only parts of the conversations that are admissible in court are those relevant to the charge. So part of the data mining question is not so much whether or not the Narus box is located at AT&T's central switches, but what volume of data they are sending back to NSA, in other words the collection protocol.

Forget the instrumentality for a moment. If I were the NSA, I would allow the box to be remotely programmed so that if I have a new target profile, I wouldn't have to send a tech to each site. I would also take the smallest reasonable amount of data out of the switch center to make my searches more efficient (reduce the data mining universe and insure against false positive hits) and to reduce my legal liability for eavesdropping. Not to mention that the more data that travels from AT&T to the NSA, the less relatively secure it is.

Drum's nemesis is arguing that NSA is collecting an un-audited & ungodly amount of data from which to mine nuggets of terrorist conspiracy, and that Republicans will necessarily keep a huge amount of this data for their own nefarious and corrupt purposes.

The disconnect between the NSA and the Republicans is something that lots of whiners blithely pave over. NSA professionals are of a different breed than GOP apparatchiks, let us keep that in mind. But here's where it gets interesting.

If I were the NSA, I would want to reverse-engineer Narus' technology. Why rent the cow when you can own the farm? The question on Narus' liability would depend a bit on whether or not its machine was doing all it was supposed to do, and if NSA hacks it and makes it grab more than it should, then Narus could be in trouble. But if the NSA had a reputation for doing such dirt, it would be difficult for them to ever get outside help, and I seem to recall that they were trying to improve their ability to leverage tech that wasn't invented there. Clearly EMC has done alright for itself (and it comes as no surprise that they own VMware when you think about it). Still, the NSA's interest in domestic surveillance is basically 4 years old.

February 13, 2006

An interesting discussion about recently confirmed cold fusion is going on over at Slashdot. Here's a real gem that puts some nuke fears into perspective. I never really thought about what quality nukes a terrorist might actually get their hands on.

Modern nuclear weapons are around 1 MT, usually a bit less, as that's the optimal size for a weapon you can target accurately. The larger nukes of old were designed to crack silos with a near miss, were extremely expensive for their mission, and were taken out of service long ago. If a terrorist gets a nuclear weapon, it's either going to be a sub-MT military weapon, or a quite a bit smaller "home made" fission only device (modern nukes are pretty sophisticated fusion-pumped-fission devices).

Let's do the math [nuclearweaponarchive.org]. A 1 MT nuke detonated at optimal blast height will knock down residential structures at a radius of 10 km, more solid buildings at 7 km, and at 5 km knock down reinforced buildings and kill people outright from the blast (and all other effects, such as high doses of radiation, have smaller radii). A surface blast would have a far smaller effect. The only real point of a surface blast is to generate radioactive fallout (an air blast generates surprisingly little, though it would still hinder clean-up and rebuilding).

So yes, in theory, a terrorist with a high-quality military nuke (let's imagine a few were sold out of the old USSR armory, and somehow still worked today (the tritium would have to be replaced, which is quite technical, but let's imagine a scientist came with the bomb)) could sit a couple of kilometers off the coast and destroy some structures along the coast. Good for psychological impact, but not much else, and insanely expensive to carry out. A 50 kt fission bomb, a far more likely scenario for a terrorist, would have less than 40% of the blast radius of the high quality military bomb, and would probably need to be within 1 km to be effective.

A surface blast over *land* is what a terrorist wants, because the radioactive fallout would cause a world of hurt. You'd get very little of that even 1 km off the coast, and even a ship at a dock would produce far less fallout than a bomb 1 km inland. It's *definitely* worth checking for nukes at ports of entry: the threat just goes down very fast as the bomb moves away from land.

February 07, 2006

When I was a California teenager, I used to roller disco. In fact I was about as good in that as in most things I do - the lower upper middle class. Which means that I was good enough to be an extra in a first rate deal. Always mindful of such matters at the ridiculous age of 19, I often made it a habit to hang out at Venice Beach and Hollywood Blvd. As a measure of my own vanity and success at roller disco, I would perform and get people to take pictures of me. These would be tourists of course, locals would recognize me, and I would always be welcome to hang out with the cool guys and girls as we skated our way into that particularly Californish oblivion. Somehow I am reminded of this by the Cameo song 'Shake Your Pants' as well as 'Gloria' by Laura Branigan.

But I was also reminded of this by my trip to Hollywood the other night as I found myself in the viewfinder of half a dozen folks with digital cameras. And I wasn't even showing off. Everybody has got digital cameras it seems. Outside of your home, it's the big bad public boys and girls. Be prepared for reality TV. I'm quite adjusted to this reality because I recognize my ability, abetted by Google and you lovely trackbackers and readers, to create a self-portrait which is better than the average Joe. That is to say while it would take a bunch of you a while to figure out what my zipcode was in 1993, it's actually published somewhere in mdcbowen.org. And because mdcbowen.org has been growing steadily for over a decade, it would take quite a bit of disinformation to destroy the public record I have created about myself. I'm not saying that it would be impossible, but that it would have to be a professionally done job, a contract of non-trivial figures would be required to undo what I have done in public.

Since I am a member of the Bear Flag League and the Conservative Brotherhood, for example, it would be particularly difficult to make the case against my character as a domestic terrorist. Hell, people believe that I follow and defend George W. Bush blindly.

But what if? What would I have to do in order to be the target of the kinds of extra-FISA spying that is going on these days? What kind of finger has to point me out? It would certainly be more than a random happenstance. What keeps me safe from the prying eyes of the government? Nothing. Absolutely nothing. I understand this. I know that every code I know, everything I am, could be put under a microscope. You might say that I am paranoid about it, but I think it would be more appropriate to say that I am Jewish about it. I understand that there is an almighty power that is certainly capable and willing to judge everything I have ever done in my life. Whether it is God or the Government makes little difference to the extent that I discipline myself to be exactly what I intend to be. That is to say, my belief that I will ultimately be called into account for my life is a self-directed kind of thing.

It's facile to say that only terrorists should be afraid. We should all be mindful of whether our laws are just and whether they are followed whether or not our own personal privacy is at risk. I'm all for the disclosure that Congress is forcing upon the Administration. It's about time that they do their job, and while they're posing and being shrill, they are doing a decent job in giving us all something more to chew on. Nevertheless what is at the bottom of all this war on terrorism is a matter of character. Some people who believe they are only accountable to God and not to their neighbors have decided to hide their character and intent. They are, not like young American teens, shameless and wanting to be seen and admired by everyone. No they carry secret burdens and secret shames and are trying to conduct their business in secret. But we're all watching and listening and trying to ferret out those who would destroy our society and peace. Everybody has a camera. Everybody is being watched. What if the enemy is us?

In the end there's only one way to find out. Follow your suspicions and clues and expose the motives and intents of your suspects. It means everyone may be called into account. There's no better case for improving one's character than that.

February 06, 2006

I try not to go through life with my jaw dropped, but I have to admit there are some awesome things to marvel at. Today I have marveled at the pretense of objectivity by Nina Totenberg and the whole NPR staff that pre-empted Terry Gross with their idiotic 'Special Report' on the Intelligence Hearings. I marveled at the arrogance of those Congresscritters who do nothing all day but suck up to lobbyists and their wacko constituents instead of really bothering to get into the guts of understanding how the President is actually approaching FISA. The nerve of their speculation!

Not too many people are blogging about EO 12333 (in plain sight), but I hope some (like Bloggledygook) get into the thick of it. Because if Leahy isn't going to moderate his mouthing off about the NSA professionals and Administration lawyers blindly breaking the law, and if NPR isn't going to be reasonable in their coverage we're going to have to do some fisking. The way they were pushing Gonzales all over the map like W had gone apeshit was really embarrassing.

But there are astonishingly good things to marvel at as well. Today I found this essay which I hope people all over the 'sphere gang-tackle. It's great! O would that I were Instapundit. Hmm.

The only point to death is a point you make yourself. You make your death have meaning by giving your life meaning. You give your life meaning by choosing a project to accomplish, or by accepting as your own a project given to you by others or by God. That's it; but that's everything. The young marines who have died in Iraq did not die pointless deaths or meaningless deaths.

Definitely read the entire piece and find a way to spit once again in the face of Joel Whatshisname. You see we live in a country where there is a huge population of loud people with access to mass communications who are mentally and morally incapable of understanding the honor due soldiers who fight in defense of our liberty. So you can hardly expect them to see the value in electronic surveillance. If there is a sliver of a law they could use to decapitate executive leadership, they'll use it.

January 26, 2006

My father was the administrative assistant to a Congressman on the House Intelligence Committee at the time FISA was enacted in 1978. I was and am familiar with the public and Congressional debate on FISA at that time. I was engaged in the private practice of law at that time and so able to follow the details.

My brief conversations with my father and his boss about FISA taught me that Congress was determined to head off future domestic abuses of what was then perceived as the NSA's rapidly growing eavesdropping ability. They didn't care at all about "foreign communications" - those into or out of the U.S. The Executive Branch was adamant about Congress not touching the NSA's surveillance of foreign communications, and Congress didn't care at all about that so the Executive Branch got its way there.

January 19, 2006

The problem with me is that I've done roller disco at Venice Beach and breakdancing at an awards banquet. The rest of you might be more easily embarrassed by con-men and blackmailers. So if you think you may have surfed some porn and that Google might know something about it, you might want to anonymize your Google cookie. I find it difficult to give a gnat's gonads, but it might just be that I'm not paranoid in the proper dimensions. I worry a lot more about people finding out that I might have bad breath.

Those of you on the inside of the bubble may have already been there, and I may adjust my habits in due time. In the meantime here's the link.

December 21, 2005

I hereby punch myself in the nose and admit that I have been taken in by viral marketing. All that Dave Chappelle business is clever marketing hype for a new Charlie Murphy movie. But now I'm not even sure that it's a real movie.

Trust no one. Especially not friends who send you IMs in the middle of the night with hot news about Dave Chappelle.

Let the record show that the last page was not there two days ago. At least that's my source's excuse. My excuse? I write too much.

July 06, 2005

I must confess that although most of my passion about the Plame Affair is spent, the idea that Karl Rove is the dealer of dirt makes for a healthy bashing. I say whoever did it should go down, but I won't get particularly perturbed if it doesn't happen. Part of the reason has to do with the complexity of the shield privileges and my orientation towards technology.

I always believed that some private companies or entities (and I had always thought it would be banks until I realized how wealthy and powerful ISPs have become) would do the public a great favor by providing digital escrow accounts. The basic idea was for an individual to be able to do the 'swiss banking' thing with their digital data.

Anyway, cut to the chase, here's what I'm looking for. I am looking for bloggers and cypherpunks to come up with a way to shield and serve whistleblowers, and I want Pajamas Media to be the place. If you don't trust Time or the MSM, trust the blogosphere.

June 03, 2005

I am fascinated by Wall Street bond trading and nuclear weapons. You can talk about these things all your life and never really understand them. I am also fascinated by remote places on the globe, not because they are particularly hostile, but because they are remote. So this evening by chance navigation by way of Google Earth and Alamogordo, NM, I have arrived at a Russian nuclear test site. It's an island called Novaya Zemlya.

Chances are you've never heard of the place before. I know I haven't. And yet isn't that extraordinary? The biggest explosions in the history of mankind, these nukes. But none of us know where they happened or might be happening.

May 29, 2005

Despite all the guns out there, chances are, you're not going to get shot. Despite all the credit cards you have, chances are your identity is not going to get stolen.

I've been a little lax on following up on the many interests I've cultivated in my life, among them security and paranoia. So I've only vaguely heard tell of Bank of America's loss of private information to crackers and identity fraudsters. But I'm not really worried.

Back in the days, before the internet bubble, our division got into a lot of PR hot water over the matter of privacy. I had a nicely complex argument that shot down most arguments against our cookies and weblog inspections that went a little something like this. You need to take into consideration the value of your information. Why would a thief buy $500 tools to steal a $50 item? And while it may be true that part of the value of these recent identity theft break-ins is the size of the theft, sooner or later there has to be a fence value for each one. What is, indeed, the value of your mother's maiden name?

I've been thinking about what the value of my writing on the internet for the past 12 years has been. I've always assumed that some poor graduate student would have to troll through it after I'm gone to make some anthropological sense of the contribution of the post-civil rights black middle class. But more recently, especially since my mother says I confess too much, I've been thinking about its value to my own children. After all, they're probably the only ones who really care enough to read more than a little bit. I don't tell people to read my blog, and I don't often mention that I do blog, but I think that most of my friends know about it - and don't read it. I know that my mother is the only family member that reads Cobb on the regular. Given such facts, combined with the fact that my IQ is right about at the same level as my FICO score, I don't particularly worry about my identity being stolen.

I have several issues with 'action at a distance', and so while I am often the first to indulge in the latest technological goody, I am far from being dependent or overly respectful of all this stuff. I know how fragile it is and how wrong it can be.

Since I'm not cheating on my wife or stealing from my employer or blackmailing anyone, I can see no particular enemies looking to do me in. When you think of the guns and violence, we know that people are generally killed by people they know for reasons that don't take long to figure out. It's likely to be your own son who is out joyriding in the family sedan. Because it's a family sedan, it's not so attractive to professional thieves. My identity is no Mercedes Benz, at least my identity as tied to financial data about me in hackable computers somewhere. But if there is dirt doable to me, it would most likely be by an insider. Did I spend 200 bucks on a dinner in Salt Lake City? My wife would kill me if she found out. That's my kind of worry. (Actually it was only 74 bucks).

So considering the massive amount of information about me through my blog, and who knows what the Google archive has via Google Groups, there's a lot to know, but little to do. What's the motivation? How is the information valued? More importantly, how does it get fungible? Which is to say, where is the fence? What is the equivalent of a pawn shop for the last four digits of your social security number? What do you care if your eyeglasses prescription falls into the wrong hands?

Still, I'd be a bit more comfortable if we had the option to generate our own passwords and identifiers. PGP with a picture and a signature would be plenty. Some joint like the UPS Store (where my favorite Notary Public can be found) or Kinkos could provide this service to customers - live authentication. Banks would be uniquely qualified to do similar things. In fact, I could see a privatized national ID system coming to fruition sooner than a Federal one, and I'd be all for it. Until then, all my business is in the street, and who cares?

May 05, 2005

Emmett Louis Till died about 50 years ago, but it has been decided that his body should be exhumed in order to discover new forensic evidence which might lead to others who might have participated in his killing.

In a related story, a registered Oklahoma sex offender was not captured in a Georgia arrest because of a 'failure' to match his fingerprints with all of his known aliases in the FBI database.

People keep mumbling about national ID cards and driver's license requirements. All three subjects are fueling the fire for construction of the American Panopticon.

Since I'm a civil libertarian, as is most of the Old School, considering that it was our Civil Rights Movement that gave birth to that infrastructure, I have my reservations about panoptic security. That means that I recognize the tension between liberty and security. If I remember correctly, Patrick Henry didn't say "Give me security and give them death." I think we're on the same side of the fence.

And yet the more we try to get justice 50 years late, by using new technologies, the more we tip the balance towards building the perfect system of security. Sure murder is murder and there is no statute of limitations on that, but such matters cannot be taken in isolation. The proper legacy of Emmett Till is not to be found in a murder conviction, but the moral conviction his death fired in 1950s America. To ask more of Till's dead body is to enable the panoptic forces.

Gladwell's best aphorism of 'Blink' comes to me in the form of the notion of panoptics and chess. There are those who argue that enabling the electronic eyes, ears and noses of the Justice Department (or the Defence Department or the Intelligence Services) will make us win, because we'll be able to see and hear everything. But consider a chess game. Surely there is nothing you can't see in a chess game. But does seeing everything help you win? No. You cannot see what your opponent is thinking. All you know are the moves he has made in the past.

Surely providing for our security is more complex than a chess game and it's better to see than to be blind. But there are limits at which the price of seeing is not worth the marginal benefit of security. We should be more robust in ourselves and stop wishing for intervention under all circumstances.

April 12, 2005

Little Brother
The cases brought against protesters in NYC during the Republican National Convention have had a stunning failure rate of 91% according to this story in the NYTimes.

I take this one at face value as further evidence of what the decentralization of technology will enable citizens to accomplish independent of large slow traditional organizations. This is clearly smartmobbery, which can be a good thing. On the other hand, it can start an escalation in the sophistication with which red-handed authorities handle their tech. I predict the upper hand will remain with the crowds for the foreseeable future.

March 06, 2005

Apart from the fact that I am doing it between 9pm and 2am, my quest to master elements of electronic security is very good for me.

When I took my first full-time job in 1979, it was at the radio department at Fedco La Cienega. As much as it's possible to be something of a local celeb, it was a very cool job to have back in those days. Hmm. I do need to do some more writing about those days. At any rate, I spent a lot of time at the high end audio concession and had a serious case of audiophilia, traces of which infect me to this day. What astounded me was that I discovered that there were turntables which didn't wear out records or skip. In my entire life up until that point, I took it as the nature of the beast that eventually all vinyl records skip and that you need to tape coins onto the tonearm so they wouldn't. Then I started learning about the subtleties of tracking force, anti-skate and the rest of turntable physics and I began to understand a new dimension. I soon purchased a Dual 440 and showed off the fact that I could play records upside down. Freaked people out, and underscored my lust for the technology. These days I am lusting after the unattainable beauty of perfect security. I'm actually starting to have dreams about it.

I've gotten my GnuPG working through Enigmail and a crufty little tray app called WinPT, but I'm digging the CLI. I've also been coming up with a series of code schemes to assist me. As I continue on this quest, several aspects of security are becoming clearer to me - to the point at which the hitherto impenetrable language is actually starting to make sense. But that means bigger questions.

February 19, 2005

A huge explosion halfway across the galaxy packed so much power it briefly altered Earth's upper atmosphere in December, astronomers said Friday.

No known eruption beyond our solar system has ever appeared as bright upon arrival.

But you could not have seen it, unless you can top the X-ray vision of Superman: In gamma rays, the event equaled the brightness of the full Moon's reflected visible light.

OK, what does this mean? It means a couple things. If there were a neutron star that flashed like this somewhere in this galaxy, we'd be dead. Not only that, since gamma rays and light and all that fun stuff travel at the same time, there would be no warning. Warning would be impossible. One side of the planet would get fried immediately, and depending on how long the flare was so would the other. Then if all of our best scientists and equipment were to survive, it would take them two months to figure out what happened.

February 16, 2005

Just yesterday I downloaded cfv, a cool CLI tool for win32 that gives me some version checking stuff. I'm going to build a general purpose thingy that helps me build some automatic versioning tools and tripwire stuff. There are plenty of applications for it and I'm going to try to work it to make a secure file system, which is to say one that allows me to eyeball a log of changed files on a daily basis, extra coolness eh?

Anyway, the cfv package hosts a myriad of hash functions which are of varying length and sophistication. I'm a bit paranoid, now that I mention it, of the PGP 8.1 version that I got from PGP.com because its signature file has a dead or revoked key and the pgp keyserver isn't very responsive. I'm beginning to think that PGP itself is a honeypot. So my trust of hash functions has come pretty much down to MD5. But even so, since I use SlavaSoft's HashCalc, I had some interest in SHA1 since its result is a little bit longer. (This by the way made me think of whether or not that's what Google or other websites use to make an ID cookie...) Either way, it appears that it's now broken. This means work for security guys everywhere. Flight to quality. Must be nice.

Yes, they found a way to break the hash function. But as the parent said, it does not mean it's suddenly invalid. Sure, the group found a way to break the algorithm, but look at According to TFA a collision can be found in about 2**69 hash operations. That's 590295810358705651712 attempts before they can find a match, as opposed to the 2**80 (1208925819614629174706176) that was expected before the paper. While the paper means it is orders of magnitude less work, it still means a lot of work for the attacker. Let's look at two relevant examples: disc images and passwords. Let's say I have an ISO disk image. I hack it, and want to modify some of the 'junk' bits using their algorithm. I'd still need to perform 590295810358705651712 hash operations on that image. Computing the hash of a disc is a slow operation. That's not something I could do in a day, week, or even a few months. Perhaps if I had a massively parallel computer available, I could do it, but not as an individual. For a password, hopefully your system would lock the account long before there are that many failed login attempts. However, if your attacker has that kind of resources, you can assume it is feasible for them to find a hash collision. That's really only significant for governments, multi-national organizations, and other major enterprises, but not for most people.

So down here on earth, it's not a big deal, especially for those of us who don't shred all our trash.
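
The daily changed-files log described at the top of this post comes down to a hash manifest that is recorded once and compared on every later run. The sketch below is an added example, not the author's tool and not cfv; it uses Python's hashlib with SHA-256 instead of MD5 or SHA-1, and its function names and sample files are constructed for illustration.

```python
# Added illustration: function names and the sample tree are constructed, not cfv's.
import hashlib, json, os, tempfile

def hash_file(path, algo="sha256", chunk=1 << 16):
    """Digest a file in chunks so large files (ISO images) need not fit in RAM."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def snapshot(root, algo="sha256"):
    """Map every regular file under root (path relative to root) to its digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue  # a symlink's target may lie outside the watched tree
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = hash_file(full, algo)
    return manifest

def diff(old, new):
    """The change log: what appeared, what vanished, what has different content."""
    return {"added": sorted(new.keys() - old.keys()),
            "removed": sorted(old.keys() - new.keys()),
            "modified": sorted(p for p in old.keys() & new.keys() if old[p] != new[p])}

def check(root, baseline_path, algo="sha256"):
    """First run records the baseline and returns None; later runs return diff().
    Keep baseline_path outside root, or a tamperer can rewrite the digests too."""
    current = snapshot(root, algo)
    if not os.path.exists(baseline_path):
        with open(baseline_path, "w") as f:
            json.dump(current, f, indent=1, sort_keys=True)
        return None
    with open(baseline_path) as f:
        return diff(json.load(f), current)

def demo():
    """Constructed sample tree: baseline it, change three files, re-check."""
    with tempfile.TemporaryDirectory() as work:
        root, base = os.path.join(work, "watched"), os.path.join(work, "baseline.json")
        os.makedirs(os.path.join(root, "sub"))
        for rel, data in {"a.txt": b"hello", "sub/b.txt": b"same", "c.txt": b"bye"}.items():
            with open(os.path.join(root, rel), "wb") as f:
                f.write(data)
        assert check(root, base) is None          # first run: baseline written
        with open(os.path.join(root, "a.txt"), "wb") as f:
            f.write(b"jello")                     # same size, different content
        os.remove(os.path.join(root, "c.txt"))
        with open(os.path.join(root, "d.txt"), "wb") as f:
            f.write(b"new")
        return check(root, base)

if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

The same-size edit to a.txt is the case a size or timestamp check can miss and a content digest catches.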